sbuild (Debian sbuild) 0.86.3~bpo12+1 (03 November 2024) on debusine-worker-arm64-demeter-09.freexian.com +==============================================================================+ | python-asyncssh 2.18.0-1 (arm64) Mon, 18 Nov 2024 00:50:15 +0000 | +==============================================================================+ Package: python-asyncssh Version: 2.18.0-1 Source Version: 2.18.0-1 Distribution: sid Machine Architecture: arm64 Host Architecture: arm64 Build Architecture: arm64 Build Type: binary I: No tarballs found in /var/lib/debusine/worker/.cache/sbuild Unpacking /var/lib/debusine/worker/system-images/957781/system.tar.xz to /tmp/tmp.sbuild.rBNEsD3jzg... I: NOTICE: Log filtering will replace 'sbuild-unshare-dummy-location' with '<>' +------------------------------------------------------------------------------+ | Chroot Setup Commands | +------------------------------------------------------------------------------+ rm -f /etc/resolv.conf ---------------------- I: Finished running 'rm -f /etc/resolv.conf'. Finished processing commands. -------------------------------------------------------------------------------- Copying /tmp/debusine-fetch-exec-upload-vdqqxp_1/dpkg-dbgsym_1.22.12~1.gbp82cafd_arm64.deb to /<>... Copying /tmp/debusine-fetch-exec-upload-vdqqxp_1/dpkg_1.22.12~1.gbp82cafd_arm64.deb to /<>... Copying /tmp/debusine-fetch-exec-upload-vdqqxp_1/dselect-dbgsym_1.22.12~1.gbp82cafd_arm64.deb to /<>... Copying /tmp/debusine-fetch-exec-upload-vdqqxp_1/dselect_1.22.12~1.gbp82cafd_arm64.deb to /<>... Copying /tmp/debusine-fetch-exec-upload-vdqqxp_1/libdpkg-dev_1.22.12~1.gbp82cafd_arm64.deb to /<>... Copying /tmp/debusine-fetch-exec-upload-vdqqxp_1/dpkg-dev_1.22.12~1.gbp82cafd_all.deb to /<>... Copying /tmp/debusine-fetch-exec-upload-vdqqxp_1/libdpkg-perl_1.22.12~1.gbp82cafd_all.deb to /<>... I: NOTICE: Log filtering will replace 'build/python-asyncssh-yMzs1J/resolver-7Nr6Bz' with '<>' +------------------------------------------------------------------------------+ | Update chroot | +------------------------------------------------------------------------------+ Get:1 file:/build/python-asyncssh-yMzs1J/resolver-Lo6aKx/apt_archive ./ InRelease Ign:1 file:/build/python-asyncssh-yMzs1J/resolver-Lo6aKx/apt_archive ./ InRelease Get:2 file:/build/python-asyncssh-yMzs1J/resolver-Lo6aKx/apt_archive ./ Release [606 B] Get:3 http://deb.debian.org/debian sid InRelease [202 kB] Get:2 file:/build/python-asyncssh-yMzs1J/resolver-Lo6aKx/apt_archive ./ Release [606 B] Get:4 file:/build/python-asyncssh-yMzs1J/resolver-Lo6aKx/apt_archive ./ Release.gpg Ign:4 file:/build/python-asyncssh-yMzs1J/resolver-Lo6aKx/apt_archive ./ Release.gpg Get:5 file:/build/python-asyncssh-yMzs1J/resolver-Lo6aKx/apt_archive ./ Packages [9246 B] Get:6 http://deb.debian.org/debian sid/main arm64 Packages [9955 kB] Get:7 http://deb.debian.org/debian sid/main arm64 Components [4907 kB] Fetched 15.1 MB in 2s (6385 kB/s) Reading package lists... Reading package lists... Building dependency tree... Reading state information... Calculating upgrade... The following packages will be upgraded: apt bsdextrautils bsdutils debianutils dpkg dpkg-dev libapt-pkg6.0t64 libaudit-common libaudit1 libblkid1 libbrotli1 libcap-ng0 libdpkg-perl libglib2.0-0t64 libmarkdown2 libmount1 libpcre2-8-0 libseccomp2 libselinux1 libsemanage2 libsmartcols1 libsystemd0 libudev1 libuuid1 libxml2 login login.defs mount passwd util-linux 30 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 9274 kB/12.8 MB of archives. After this operation, 603 kB disk space will be freed. Get:1 file:/build/python-asyncssh-yMzs1J/resolver-Lo6aKx/apt_archive ./ dpkg 1.22.12~1.gbp82cafd [1513 kB] Get:2 http://deb.debian.org/debian sid/main arm64 bsdutils arm64 1:2.40.2-11 [104 kB] Get:3 file:/build/python-asyncssh-yMzs1J/resolver-Lo6aKx/apt_archive ./ dpkg-dev 1.22.12~1.gbp82cafd [1337 kB] Get:4 file:/build/python-asyncssh-yMzs1J/resolver-Lo6aKx/apt_archive ./ libdpkg-perl 1.22.12~1.gbp82cafd [647 kB] Get:5 http://deb.debian.org/debian sid/main arm64 debianutils arm64 5.21 [92.1 kB] Get:6 http://deb.debian.org/debian sid/main arm64 libsystemd0 arm64 257~rc2-3 [416 kB] Get:7 http://deb.debian.org/debian sid/main arm64 libudev1 arm64 257~rc2-3 [139 kB] Get:8 http://deb.debian.org/debian sid/main arm64 libapt-pkg6.0t64 arm64 2.9.11 [921 kB] Get:9 http://deb.debian.org/debian sid/main arm64 bsdextrautils arm64 2.40.2-11 [91.2 kB] Get:10 http://deb.debian.org/debian sid/main arm64 libblkid1 arm64 2.40.2-11 [162 kB] Get:11 http://deb.debian.org/debian sid/main arm64 libmount1 arm64 2.40.2-11 [190 kB] Get:12 http://deb.debian.org/debian sid/main arm64 libsmartcols1 arm64 2.40.2-11 [135 kB] Get:13 http://deb.debian.org/debian sid/main arm64 mount arm64 2.40.2-11 [153 kB] Get:14 http://deb.debian.org/debian sid/main arm64 libuuid1 arm64 2.40.2-11 [35.7 kB] Get:15 http://deb.debian.org/debian sid/main arm64 util-linux arm64 2.40.2-11 [1170 kB] Get:16 http://deb.debian.org/debian sid/main arm64 libpcre2-8-0 arm64 10.44-4 [243 kB] Get:17 http://deb.debian.org/debian sid/main arm64 libselinux1 arm64 3.7-3+b1 [72.1 kB] Get:18 http://deb.debian.org/debian sid/main arm64 libseccomp2 arm64 2.5.5-1+b3 [46.8 kB] Get:19 http://deb.debian.org/debian sid/main arm64 apt arm64 2.9.11 [1287 kB] Get:20 http://deb.debian.org/debian sid/main arm64 libaudit-common all 1:4.0.2-2 [12.7 kB] Get:21 http://deb.debian.org/debian sid/main arm64 libcap-ng0 arm64 0.8.5-3+b1 [17.0 kB] Get:22 http://deb.debian.org/debian sid/main arm64 libaudit1 arm64 1:4.0.2-2 [54.2 kB] Get:23 http://deb.debian.org/debian sid/main arm64 login arm64 1:4.16.0-2+really2.40.2-11 [80.0 kB] Get:24 http://deb.debian.org/debian sid/main arm64 login.defs all 1:4.16.0-5 [185 kB] Get:25 http://deb.debian.org/debian sid/main arm64 libsemanage2 arm64 3.7-2+b1 [84.5 kB] Get:26 http://deb.debian.org/debian sid/main arm64 passwd arm64 1:4.16.0-5 [1210 kB] Get:27 http://deb.debian.org/debian sid/main arm64 libbrotli1 arm64 1.1.0-2+b6 [297 kB] Get:28 http://deb.debian.org/debian sid/main arm64 libglib2.0-0t64 arm64 2.82.2-3 [1411 kB] Get:29 http://deb.debian.org/debian sid/main arm64 libmarkdown2 arm64 2.2.7-2.1 [33.1 kB] Get:30 http://deb.debian.org/debian sid/main arm64 libxml2 arm64 2.12.7+dfsg+really2.9.14-0.2+b1 [630 kB] debconf: delaying package configuration, since apt-utils is not installed Fetched 9274 kB in 0s (23.7 MB/s) (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17129 files and directories currently installed.) Preparing to unpack .../bsdutils_1%3a2.40.2-11_arm64.deb ... Unpacking bsdutils (1:2.40.2-11) over (1:2.40.2-10) ... Setting up bsdutils (1:2.40.2-11) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17129 files and directories currently installed.) Preparing to unpack .../debianutils_5.21_arm64.deb ... Unpacking debianutils (5.21) over (5.20+b1) ... Setting up debianutils (5.21) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17128 files and directories currently installed.) Preparing to unpack .../libsystemd0_257~rc2-3_arm64.deb ... Unpacking libsystemd0:arm64 (257~rc2-3) over (257~rc1-4) ... Setting up libsystemd0:arm64 (257~rc2-3) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17128 files and directories currently installed.) Preparing to unpack .../libudev1_257~rc2-3_arm64.deb ... Unpacking libudev1:arm64 (257~rc2-3) over (257~rc1-4) ... Setting up libudev1:arm64 (257~rc2-3) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17128 files and directories currently installed.) Preparing to unpack .../libapt-pkg6.0t64_2.9.11_arm64.deb ... Unpacking libapt-pkg6.0t64:arm64 (2.9.11) over (2.9.10) ... Setting up libapt-pkg6.0t64:arm64 (2.9.11) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17128 files and directories currently installed.) Preparing to unpack .../dpkg_1.22.12~1.gbp82cafd_arm64.deb ... Unpacking dpkg (1.22.12~1.gbp82cafd) over (1.22.11) ... Setting up dpkg (1.22.12~1.gbp82cafd) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17127 files and directories currently installed.) Preparing to unpack .../bsdextrautils_2.40.2-11_arm64.deb ... Unpacking bsdextrautils (2.40.2-11) over (2.40.2-10) ... Preparing to unpack .../libblkid1_2.40.2-11_arm64.deb ... Unpacking libblkid1:arm64 (2.40.2-11) over (2.40.2-10) ... Setting up libblkid1:arm64 (2.40.2-11) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17123 files and directories currently installed.) Preparing to unpack .../libmount1_2.40.2-11_arm64.deb ... Unpacking libmount1:arm64 (2.40.2-11) over (2.40.2-10) ... Setting up libmount1:arm64 (2.40.2-11) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17123 files and directories currently installed.) Preparing to unpack .../libsmartcols1_2.40.2-11_arm64.deb ... Unpacking libsmartcols1:arm64 (2.40.2-11) over (2.40.2-10) ... Setting up libsmartcols1:arm64 (2.40.2-11) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17123 files and directories currently installed.) Preparing to unpack .../mount_2.40.2-11_arm64.deb ... Unpacking mount (2.40.2-11) over (2.40.2-10) ... Preparing to unpack .../libuuid1_2.40.2-11_arm64.deb ... Unpacking libuuid1:arm64 (2.40.2-11) over (2.40.2-10) ... Setting up libuuid1:arm64 (2.40.2-11) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17123 files and directories currently installed.) Preparing to unpack .../util-linux_2.40.2-11_arm64.deb ... Unpacking util-linux (2.40.2-11) over (2.40.2-10) ... Setting up util-linux (2.40.2-11) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17120 files and directories currently installed.) Preparing to unpack .../libpcre2-8-0_10.44-4_arm64.deb ... Unpacking libpcre2-8-0:arm64 (10.44-4) over (10.42-4+b2) ... Setting up libpcre2-8-0:arm64 (10.44-4) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17119 files and directories currently installed.) Preparing to unpack .../libselinux1_3.7-3+b1_arm64.deb ... Unpacking libselinux1:arm64 (3.7-3+b1) over (3.7-3) ... Setting up libselinux1:arm64 (3.7-3+b1) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17120 files and directories currently installed.) Preparing to unpack .../libseccomp2_2.5.5-1+b3_arm64.deb ... Unpacking libseccomp2:arm64 (2.5.5-1+b3) over (2.5.5-1+b2) ... Setting up libseccomp2:arm64 (2.5.5-1+b3) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17120 files and directories currently installed.) Preparing to unpack .../archives/apt_2.9.11_arm64.deb ... Unpacking apt (2.9.11) over (2.9.10) ... Setting up apt (2.9.11) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17117 files and directories currently installed.) Preparing to unpack .../libaudit-common_1%3a4.0.2-2_all.deb ... Unpacking libaudit-common (1:4.0.2-2) over (1:4.0.1-3) ... Setting up libaudit-common (1:4.0.2-2) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17117 files and directories currently installed.) Preparing to unpack .../libcap-ng0_0.8.5-3+b1_arm64.deb ... Unpacking libcap-ng0:arm64 (0.8.5-3+b1) over (0.8.5-3) ... Setting up libcap-ng0:arm64 (0.8.5-3+b1) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17118 files and directories currently installed.) Preparing to unpack .../libaudit1_1%3a4.0.2-2_arm64.deb ... Unpacking libaudit1:arm64 (1:4.0.2-2) over (1:4.0.1-3) ... Setting up libaudit1:arm64 (1:4.0.2-2) ... (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17118 files and directories currently installed.) Preparing to unpack .../0-login_1%3a4.16.0-2+really2.40.2-11_arm64.deb ... Unpacking login (1:4.16.0-2+really2.40.2-11) over (1:4.16.0-2+really2.40.2-10) ... Preparing to unpack .../1-login.defs_1%3a4.16.0-5_all.deb ... Unpacking login.defs (1:4.16.0-5) over (1:4.16.0-4) ... Preparing to unpack .../2-libsemanage2_3.7-2+b1_arm64.deb ... Unpacking libsemanage2:arm64 (3.7-2+b1) over (3.7-2) ... Preparing to unpack .../3-passwd_1%3a4.16.0-5_arm64.deb ... Unpacking passwd (1:4.16.0-5) over (1:4.16.0-4) ... Preparing to unpack .../4-dpkg-dev_1.22.12~1.gbp82cafd_all.deb ... Unpacking dpkg-dev (1.22.12~1.gbp82cafd) over (1.22.11) ... Preparing to unpack .../5-libdpkg-perl_1.22.12~1.gbp82cafd_all.deb ... Unpacking libdpkg-perl (1.22.12~1.gbp82cafd) over (1.22.11) ... Preparing to unpack .../6-libbrotli1_1.1.0-2+b6_arm64.deb ... Unpacking libbrotli1:arm64 (1.1.0-2+b6) over (1.1.0-2+b5) ... Preparing to unpack .../7-libglib2.0-0t64_2.82.2-3_arm64.deb ... Unpacking libglib2.0-0t64:arm64 (2.82.2-3) over (2.82.2-2) ... Preparing to unpack .../8-libmarkdown2_2.2.7-2.1_arm64.deb ... Unpacking libmarkdown2:arm64 (2.2.7-2.1) over (2.2.7-2+b1) ... Preparing to unpack .../9-libxml2_2.12.7+dfsg+really2.9.14-0.2+b1_arm64.deb ... Unpacking libxml2:arm64 (2.12.7+dfsg+really2.9.14-0.2+b1) over (2.12.7+dfsg+really2.9.14-0.1) ... Setting up bsdextrautils (2.40.2-11) ... Setting up login.defs (1:4.16.0-5) ... Installing new version of config file /etc/login.defs ... Setting up libbrotli1:arm64 (1.1.0-2+b6) ... Setting up libglib2.0-0t64:arm64 (2.82.2-3) ... No schema files found: doing nothing. Setting up libdpkg-perl (1.22.12~1.gbp82cafd) ... Setting up mount (2.40.2-11) ... Setting up libsemanage2:arm64 (3.7-2+b1) ... Setting up libxml2:arm64 (2.12.7+dfsg+really2.9.14-0.2+b1) ... Setting up libmarkdown2:arm64 (2.2.7-2.1) ... Setting up login (1:4.16.0-2+really2.40.2-11) ... Setting up dpkg-dev (1.22.12~1.gbp82cafd) ... Setting up passwd (1:4.16.0-5) ... Processing triggers for man-db (2.13.0-1) ... Processing triggers for libc-bin (2.40-3) ... +------------------------------------------------------------------------------+ | Fetch source files | +------------------------------------------------------------------------------+ Local sources ------------- /tmp/debusine-fetch-exec-upload-vdqqxp_1/python-asyncssh_2.18.0-1.dsc exists in /tmp/debusine-fetch-exec-upload-vdqqxp_1; copying to chroot I: NOTICE: Log filtering will replace 'build/python-asyncssh-yMzs1J/python-asyncssh-2.18.0' with '<>' I: NOTICE: Log filtering will replace 'build/python-asyncssh-yMzs1J' with '<>' +------------------------------------------------------------------------------+ | Install package build dependencies | +------------------------------------------------------------------------------+ Setup apt archive ----------------- Merged Build-Depends: debhelper-compat (= 12), dh-python, localehelper, openssh-client, openssl, openssl-provider-legacy | openssl (<< 3.3.1-5~), pybuild-plugin-pyproject, python3-all, python3-bcrypt (>= 3.1.3), python3-cryptography (>= 39.0), python3-fido2, python3-gssapi, python3-libnacl, python3-openssl, python3-pkcs11, python3-pytest, python3-setuptools, python3-sphinx (>= 1.0.7+dfsg-1~), python3-typing-extensions, build-essential, fakeroot Filtered Build-Depends: debhelper-compat (= 12), dh-python, localehelper, openssh-client, openssl, openssl-provider-legacy, pybuild-plugin-pyproject, python3-all, python3-bcrypt (>= 3.1.3), python3-cryptography (>= 39.0), python3-fido2, python3-gssapi, python3-libnacl, python3-openssl, python3-pkcs11, python3-pytest, python3-setuptools, python3-sphinx (>= 1.0.7+dfsg-1~), python3-typing-extensions, build-essential, fakeroot dpkg-deb: warning: root directory has unusual owner or group 998:999. Hint: either pass --root-owner-group, see dpkg-build-api(7) or add an explicit 'Rules-Requires-Root: no' in debian/control. dpkg-deb: warning: ignoring 1 warning about the control file(s) dpkg-deb: building package 'sbuild-build-depends-main-dummy' in '/<>/apt_archive/sbuild-build-depends-main-dummy.deb'. Ign:1 copy:/<>/apt_archive ./ InRelease Get:2 copy:/<>/apt_archive ./ Release [615 B] Ign:3 copy:/<>/apt_archive ./ Release.gpg Get:4 copy:/<>/apt_archive ./ Sources [1081 B] Get:5 copy:/<>/apt_archive ./ Packages [1002 B] Fetched 2698 B in 0s (226 kB/s) Reading package lists... Get:1 file:/<>/resolver-Lo6aKx/apt_archive ./ InRelease Ign:1 file:/<>/resolver-Lo6aKx/apt_archive ./ InRelease Get:2 file:/<>/resolver-Lo6aKx/apt_archive ./ Release [606 B] Get:2 file:/<>/resolver-Lo6aKx/apt_archive ./ Release [606 B] Get:3 file:/<>/resolver-Lo6aKx/apt_archive ./ Release.gpg Ign:3 file:/<>/resolver-Lo6aKx/apt_archive ./ Release.gpg Reading package lists... Reading package lists... Install main build dependencies (apt-based resolver) ---------------------------------------------------- Installing build dependencies Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: adduser autoconf automake autopoint autotools-dev build-essential cpp cpp-14 cpp-14-aarch64-linux-gnu cpp-aarch64-linux-gnu debhelper dh-autoreconf dh-python dh-strip-nondeterminism docutils-common dwz fakeroot fonts-font-awesome fonts-lato g++ g++-14 g++-14-aarch64-linux-gnu g++-aarch64-linux-gnu gcc gcc-14 gcc-14-aarch64-linux-gnu gcc-aarch64-linux-gnu libasan8 libc-dev-bin libc-l10n libc6-dev libcbor0.10 libcc1-0 libcrypt-dev libdebhelper-perl libedit2 libelf1t64 libexpat1 libfakeroot libfido2-1 libfile-stripnondeterminism-perl libgcc-14-dev libhwasan0 libisl23 libitm1 libjs-jquery libjs-sphinxdoc libjs-underscore libjson-perl liblsan0 libmpc3 libmpfr6 libncursesw6 libnsl2 libpython3-stdlib libpython3.12-minimal libpython3.12-stdlib libpython3.13-minimal libpython3.13-stdlib libsodium23 libstdc++-14-dev libtirpc-common libtirpc3t64 libtool libtsan2 libubsan1 linux-libc-dev localehelper locales m4 media-types openssh-client po-debconf pybuild-plugin-pyproject python-babel-localedata python3 python3-alabaster python3-all python3-asn1crypto python3-autocommand python3-babel python3-bcrypt python3-build python3-cached-property python3-certifi python3-cffi-backend python3-chardet python3-charset-normalizer python3-cryptography python3-decorator python3-defusedxml python3-docutils python3-fido2 python3-gssapi python3-idna python3-imagesize python3-inflect python3-iniconfig python3-installer python3-jaraco.context python3-jaraco.functools python3-jaraco.text python3-jinja2 python3-libnacl python3-markupsafe python3-minimal python3-more-itertools python3-openssl python3-packaging python3-pkcs11 python3-pkg-resources python3-pluggy python3-pygments python3-pyproject-hooks python3-pytest python3-requests python3-roman python3-setuptools python3-snowballstemmer python3-sphinx python3-toml python3-typeguard python3-typing-extensions python3-urllib3 python3-wheel python3-zipp python3.12 python3.12-minimal python3.13 python3.13-minimal rpcsvc-proto sgml-base sphinx-common sphinx-rtd-theme-common xml-core Suggested packages: liblocale-gettext-perl cron quota autoconf-archive gnu-standards autoconf-doc cpp-doc gcc-14-locales cpp-14-doc dh-make flit gcc-14-doc gcc-multilib manpages-dev flex bison gdb gcc-doc gdb-aarch64-linux-gnu libc-devtools glibc-doc libstdc++-14-doc libtool-doc gfortran | fortran95-compiler gcj-jdk m4-doc keychain libpam-ssh monkeysphere ssh-askpass libmail-box-perl python3-doc python3-tk python3-venv python3-pip python-build-doc python-charset-normalizer-doc python-cryptography-doc python3-cryptography-vectors docutils-doc fonts-linuxlibertine | ttf-linux-libertine texlive-lang-french texlive-latex-base texlive-latex-recommended python-installer-doc python-jinja2-doc python-openssl-doc python-pygments-doc ttf-bitstream-vera python3-socks python-requests-doc python-setuptools-doc python3-stemmer dvipng dvisvgm fonts-freefont-otf imagemagick-6.q16 latexmk libjs-mathjax python3-sphinx-rtd-theme sphinx-doc tex-gyre texlive-fonts-extra texlive-fonts-recommended texlive-latex-extra texlive-plain-generic python3-brotli python3.12-venv python3.12-doc binfmt-support python3.13-venv python3.13-doc sgml-base-doc Recommended packages: manpages manpages-dev libarchive-cpio-perl javascript-common libjson-xs-perl libgpm2 libltdl-dev xauth libmail-sendmail-perl libpaper-utils python3-pil The following NEW packages will be installed: adduser autoconf automake autopoint autotools-dev build-essential cpp cpp-14 cpp-14-aarch64-linux-gnu cpp-aarch64-linux-gnu debhelper dh-autoreconf dh-python dh-strip-nondeterminism docutils-common dwz fakeroot fonts-font-awesome fonts-lato g++ g++-14 g++-14-aarch64-linux-gnu g++-aarch64-linux-gnu gcc gcc-14 gcc-14-aarch64-linux-gnu gcc-aarch64-linux-gnu libasan8 libc-dev-bin libc-l10n libc6-dev libcbor0.10 libcc1-0 libcrypt-dev libdebhelper-perl libedit2 libelf1t64 libexpat1 libfakeroot libfido2-1 libfile-stripnondeterminism-perl libgcc-14-dev libhwasan0 libisl23 libitm1 libjs-jquery libjs-sphinxdoc libjs-underscore libjson-perl liblsan0 libmpc3 libmpfr6 libncursesw6 libnsl2 libpython3-stdlib libpython3.12-minimal libpython3.12-stdlib libpython3.13-minimal libpython3.13-stdlib libsodium23 libstdc++-14-dev libtirpc-common libtirpc3t64 libtool libtsan2 libubsan1 linux-libc-dev localehelper locales m4 media-types openssh-client po-debconf pybuild-plugin-pyproject python-babel-localedata python3 python3-alabaster python3-all python3-asn1crypto python3-autocommand python3-babel python3-bcrypt python3-build python3-cached-property python3-certifi python3-cffi-backend python3-chardet python3-charset-normalizer python3-cryptography python3-decorator python3-defusedxml python3-docutils python3-fido2 python3-gssapi python3-idna python3-imagesize python3-inflect python3-iniconfig python3-installer python3-jaraco.context python3-jaraco.functools python3-jaraco.text python3-jinja2 python3-libnacl python3-markupsafe python3-minimal python3-more-itertools python3-openssl python3-packaging python3-pkcs11 python3-pkg-resources python3-pluggy python3-pygments python3-pyproject-hooks python3-pytest python3-requests python3-roman python3-setuptools python3-snowballstemmer python3-sphinx python3-toml python3-typeguard python3-typing-extensions python3-urllib3 python3-wheel python3-zipp python3.12 python3.12-minimal python3.13 python3.13-minimal rpcsvc-proto sbuild-build-depends-main-dummy sgml-base sphinx-common sphinx-rtd-theme-common xml-core 0 upgraded, 136 newly installed, 0 to remove and 0 not upgraded. Need to get 96.6 MB of archives. After this operation, 404 MB of additional disk space will be used. Get:1 copy:/<>/apt_archive ./ sbuild-build-depends-main-dummy 0.invalid.0 [1052 B] Get:2 http://deb.debian.org/debian sid/main arm64 fonts-lato all 2.015-1 [2780 kB] Get:3 http://deb.debian.org/debian sid/main arm64 libpython3.12-minimal arm64 3.12.7-3 [808 kB] Get:4 http://deb.debian.org/debian sid/main arm64 libexpat1 arm64 2.6.4-1 [90.7 kB] Get:5 http://deb.debian.org/debian sid/main arm64 python3.12-minimal arm64 3.12.7-3 [1940 kB] Get:6 http://deb.debian.org/debian sid/main arm64 python3-minimal arm64 3.12.7-1 [26.8 kB] Get:7 http://deb.debian.org/debian sid/main arm64 media-types all 10.1.0 [26.9 kB] Get:8 http://deb.debian.org/debian sid/main arm64 libncursesw6 arm64 6.5-2+b1 [125 kB] Get:9 http://deb.debian.org/debian sid/main arm64 libtirpc-common all 1.3.4+ds-1.3 [10.9 kB] Get:10 http://deb.debian.org/debian sid/main arm64 libtirpc3t64 arm64 1.3.4+ds-1.3+b1 [78.7 kB] Get:11 http://deb.debian.org/debian sid/main arm64 libnsl2 arm64 1.3.0-3+b3 [37.9 kB] Get:12 http://deb.debian.org/debian sid/main arm64 libpython3.12-stdlib arm64 3.12.7-3 [1902 kB] Get:13 http://deb.debian.org/debian sid/main arm64 python3.12 arm64 3.12.7-3 [671 kB] Get:14 http://deb.debian.org/debian sid/main arm64 libpython3-stdlib arm64 3.12.7-1 [9708 B] Get:15 http://deb.debian.org/debian sid/main arm64 python3 arm64 3.12.7-1 [27.8 kB] Get:16 http://deb.debian.org/debian sid/main arm64 libpython3.13-minimal arm64 3.13.0-2 [850 kB] Get:17 http://deb.debian.org/debian sid/main arm64 python3.13-minimal arm64 3.13.0-2 [1838 kB] Get:18 http://deb.debian.org/debian sid/main arm64 sgml-base all 1.31 [15.4 kB] Get:19 http://deb.debian.org/debian sid/main arm64 adduser all 3.137 [140 kB] Get:20 http://deb.debian.org/debian sid/main arm64 libc-l10n all 2.40-3 [724 kB] Get:21 http://deb.debian.org/debian sid/main arm64 locales all 2.40-3 [3903 kB] Get:22 http://deb.debian.org/debian sid/main arm64 libedit2 arm64 3.1-20240808-1 [89.2 kB] Get:23 http://deb.debian.org/debian sid/main arm64 libcbor0.10 arm64 0.10.2-2 [27.4 kB] Get:24 http://deb.debian.org/debian sid/main arm64 libfido2-1 arm64 1.15.0-1+b1 [74.3 kB] Get:25 http://deb.debian.org/debian sid/main arm64 openssh-client arm64 1:9.9p1-3 [928 kB] Get:26 http://deb.debian.org/debian sid/main arm64 m4 arm64 1.4.19-4 [277 kB] Get:27 http://deb.debian.org/debian sid/main arm64 autoconf all 2.72-3 [493 kB] Get:28 http://deb.debian.org/debian sid/main arm64 autotools-dev all 20220109.1 [51.6 kB] Get:29 http://deb.debian.org/debian sid/main arm64 automake all 1:1.16.5-1.3 [823 kB] Get:30 http://deb.debian.org/debian sid/main arm64 autopoint all 0.22.5-2 [723 kB] Get:31 http://deb.debian.org/debian sid/main arm64 libc-dev-bin arm64 2.40-3 [50.9 kB] Get:32 http://deb.debian.org/debian sid/main arm64 linux-libc-dev all 6.11.7-1 [2454 kB] Get:33 http://deb.debian.org/debian sid/main arm64 libcrypt-dev arm64 1:4.4.36-5 [122 kB] Get:34 http://deb.debian.org/debian sid/main arm64 rpcsvc-proto arm64 1.4.3-1+b1 [60.5 kB] Get:35 http://deb.debian.org/debian sid/main arm64 libc6-dev arm64 2.40-3 [1591 kB] Get:36 http://deb.debian.org/debian sid/main arm64 libisl23 arm64 0.27-1 [601 kB] Get:37 http://deb.debian.org/debian sid/main arm64 libmpfr6 arm64 4.2.1-1+b2 [680 kB] Get:38 http://deb.debian.org/debian sid/main arm64 libmpc3 arm64 1.3.1-1+b3 [50.5 kB] Get:39 http://deb.debian.org/debian sid/main arm64 cpp-14-aarch64-linux-gnu arm64 14.2.0-8 [9166 kB] Get:40 http://deb.debian.org/debian sid/main arm64 cpp-14 arm64 14.2.0-8 [1284 B] Get:41 http://deb.debian.org/debian sid/main arm64 cpp-aarch64-linux-gnu arm64 4:14.2.0-1 [4832 B] Get:42 http://deb.debian.org/debian sid/main arm64 cpp arm64 4:14.2.0-1 [1568 B] Get:43 http://deb.debian.org/debian sid/main arm64 libcc1-0 arm64 14.2.0-8 [42.2 kB] Get:44 http://deb.debian.org/debian sid/main arm64 libitm1 arm64 14.2.0-8 [24.2 kB] Get:45 http://deb.debian.org/debian sid/main arm64 libasan8 arm64 14.2.0-8 [2579 kB] Get:46 http://deb.debian.org/debian sid/main arm64 liblsan0 arm64 14.2.0-8 [1161 kB] Get:47 http://deb.debian.org/debian sid/main arm64 libtsan2 arm64 14.2.0-8 [2386 kB] Get:48 http://deb.debian.org/debian sid/main arm64 libubsan1 arm64 14.2.0-8 [1039 kB] Get:49 http://deb.debian.org/debian sid/main arm64 libhwasan0 arm64 14.2.0-8 [1442 kB] Get:50 http://deb.debian.org/debian sid/main arm64 libgcc-14-dev arm64 14.2.0-8 [2365 kB] Get:51 http://deb.debian.org/debian sid/main arm64 gcc-14-aarch64-linux-gnu arm64 14.2.0-8 [17.7 MB] Get:52 http://deb.debian.org/debian sid/main arm64 gcc-14 arm64 14.2.0-8 [519 kB] Get:53 http://deb.debian.org/debian sid/main arm64 gcc-aarch64-linux-gnu arm64 4:14.2.0-1 [1440 B] Get:54 http://deb.debian.org/debian sid/main arm64 gcc arm64 4:14.2.0-1 [5136 B] Get:55 http://deb.debian.org/debian sid/main arm64 libstdc++-14-dev arm64 14.2.0-8 [2267 kB] Get:56 http://deb.debian.org/debian sid/main arm64 g++-14-aarch64-linux-gnu arm64 14.2.0-8 [10.1 MB] Get:57 http://deb.debian.org/debian sid/main arm64 g++-14 arm64 14.2.0-8 [20.2 kB] Get:58 http://deb.debian.org/debian sid/main arm64 g++-aarch64-linux-gnu arm64 4:14.2.0-1 [1200 B] Get:59 http://deb.debian.org/debian sid/main arm64 g++ arm64 4:14.2.0-1 [1332 B] Get:60 http://deb.debian.org/debian sid/main arm64 build-essential arm64 12.12 [4624 B] Get:61 http://deb.debian.org/debian sid/main arm64 libdebhelper-perl all 13.20 [89.7 kB] Get:62 http://deb.debian.org/debian sid/main arm64 libtool all 2.4.7-8 [517 kB] Get:63 http://deb.debian.org/debian sid/main arm64 dh-autoreconf all 20 [17.1 kB] Get:64 http://deb.debian.org/debian sid/main arm64 libfile-stripnondeterminism-perl all 1.14.0-1 [19.5 kB] Get:65 http://deb.debian.org/debian sid/main arm64 dh-strip-nondeterminism all 1.14.0-1 [8448 B] Get:66 http://deb.debian.org/debian sid/main arm64 libelf1t64 arm64 0.192-4 [189 kB] Get:67 http://deb.debian.org/debian sid/main arm64 dwz arm64 0.15-1+b1 [102 kB] Get:68 http://deb.debian.org/debian sid/main arm64 po-debconf all 1.0.21+nmu1 [248 kB] Get:69 http://deb.debian.org/debian sid/main arm64 debhelper all 13.20 [915 kB] Get:70 http://deb.debian.org/debian sid/main arm64 python3-autocommand all 2.2.2-3 [13.6 kB] Get:71 http://deb.debian.org/debian sid/main arm64 python3-more-itertools all 10.5.0-1 [63.8 kB] Get:72 http://deb.debian.org/debian sid/main arm64 python3-typing-extensions all 4.12.2-2 [73.0 kB] Get:73 http://deb.debian.org/debian sid/main arm64 python3-typeguard all 4.4.1-1 [37.0 kB] Get:74 http://deb.debian.org/debian sid/main arm64 python3-inflect all 7.3.1-2 [32.4 kB] Get:75 http://deb.debian.org/debian sid/main arm64 python3-jaraco.context all 6.0.0-1 [7984 B] Get:76 http://deb.debian.org/debian sid/main arm64 python3-jaraco.functools all 4.1.0-1 [12.0 kB] Get:77 http://deb.debian.org/debian sid/main arm64 python3-pkg-resources all 75.2.0-1 [213 kB] Get:78 http://deb.debian.org/debian sid/main arm64 python3-jaraco.text all 4.0.0-1 [11.4 kB] Get:79 http://deb.debian.org/debian sid/main arm64 python3-zipp all 3.21.0-1 [10.6 kB] Get:80 http://deb.debian.org/debian sid/main arm64 python3-setuptools all 75.2.0-1 [731 kB] Get:81 http://deb.debian.org/debian sid/main arm64 dh-python all 6.20241024 [109 kB] Get:82 http://deb.debian.org/debian sid/main arm64 xml-core all 0.19 [20.1 kB] Get:83 http://deb.debian.org/debian sid/main arm64 docutils-common all 0.21.2+dfsg-2 [128 kB] Get:84 http://deb.debian.org/debian sid/main arm64 libfakeroot arm64 1.36-1 [29.1 kB] Get:85 http://deb.debian.org/debian sid/main arm64 fakeroot arm64 1.36-1 [74.4 kB] Get:86 http://deb.debian.org/debian sid/main arm64 fonts-font-awesome all 5.0.10+really4.7.0~dfsg-4.1 [517 kB] Get:87 http://deb.debian.org/debian sid/main arm64 libjs-jquery all 3.6.1+dfsg+~3.5.14-1 [326 kB] Get:88 http://deb.debian.org/debian sid/main arm64 libjs-underscore all 1.13.4~dfsg+~1.11.4-3 [116 kB] Get:89 http://deb.debian.org/debian sid/main arm64 libjs-sphinxdoc all 7.4.7-4 [158 kB] Get:90 http://deb.debian.org/debian sid/main arm64 libjson-perl all 4.10000-1 [87.5 kB] Get:91 http://deb.debian.org/debian sid/main arm64 libpython3.13-stdlib arm64 3.13.0-2 [1922 kB] Get:92 http://deb.debian.org/debian sid/main arm64 libsodium23 arm64 1.0.18-1+b2 [121 kB] Get:93 http://deb.debian.org/debian sid/main arm64 localehelper all 0.1.4-3.1 [7928 B] Get:94 http://deb.debian.org/debian sid/main arm64 python3-packaging all 24.2-1 [55.3 kB] Get:95 http://deb.debian.org/debian sid/main arm64 python3-pyproject-hooks all 1.2.0-1 [11.7 kB] Get:96 http://deb.debian.org/debian sid/main arm64 python3-toml all 0.10.2-1 [16.2 kB] Get:97 http://deb.debian.org/debian sid/main arm64 python3-wheel all 0.45.0-1 [56.7 kB] Get:98 http://deb.debian.org/debian sid/main arm64 python3-build all 1.2.2-1 [36.0 kB] Get:99 http://deb.debian.org/debian sid/main arm64 python3-installer all 0.7.0+dfsg1-3 [18.6 kB] Get:100 http://deb.debian.org/debian sid/main arm64 pybuild-plugin-pyproject all 6.20241024 [11.4 kB] Get:101 http://deb.debian.org/debian sid/main arm64 python-babel-localedata all 2.16.0-1 [5696 kB] Get:102 http://deb.debian.org/debian sid/main arm64 python3-alabaster all 0.7.16-0.1 [27.9 kB] Get:103 http://deb.debian.org/debian sid/main arm64 python3.13 arm64 3.13.0-2 [730 kB] Get:104 http://deb.debian.org/debian sid/main arm64 python3-all arm64 3.12.7-1 [1052 B] Get:105 http://deb.debian.org/debian sid/main arm64 python3-asn1crypto all 1.5.1-3 [85.9 kB] Get:106 http://deb.debian.org/debian sid/main arm64 python3-babel all 2.16.0-1 [114 kB] Get:107 http://deb.debian.org/debian sid/main arm64 python3-bcrypt arm64 4.2.0-2 [188 kB] Get:108 http://deb.debian.org/debian sid/main arm64 python3-cached-property all 1.5.2-1 [12.5 kB] Get:109 http://deb.debian.org/debian sid/main arm64 python3-certifi all 2024.8.30+dfsg-1 [9576 B] Get:110 http://deb.debian.org/debian sid/main arm64 python3-cffi-backend arm64 1.17.1-2+b1 [94.8 kB] Get:111 http://deb.debian.org/debian sid/main arm64 python3-chardet all 5.2.0+dfsg-1 [107 kB] Get:112 http://deb.debian.org/debian sid/main arm64 python3-charset-normalizer arm64 3.4.0-1+b1 [129 kB] Get:113 http://deb.debian.org/debian sid/main arm64 python3-cryptography arm64 43.0.0-1 [835 kB] Get:114 http://deb.debian.org/debian sid/main arm64 python3-decorator all 5.1.1-5 [15.1 kB] Get:115 http://deb.debian.org/debian sid/main arm64 python3-defusedxml all 0.7.1-2 [43.3 kB] Get:116 http://deb.debian.org/debian sid/main arm64 python3-roman all 4.2-1 [10.4 kB] Get:117 http://deb.debian.org/debian sid/main arm64 python3-docutils all 0.21.2+dfsg-2 [403 kB] Get:118 http://deb.debian.org/debian sid/main arm64 python3-fido2 all 1.1.3-1 [163 kB] Get:119 http://deb.debian.org/debian sid/main arm64 python3-gssapi arm64 1.9.0-1+b1 [580 kB] Get:120 http://deb.debian.org/debian sid/main arm64 python3-idna all 3.8-2 [41.6 kB] Get:121 http://deb.debian.org/debian sid/main arm64 python3-imagesize all 1.4.1-1 [6688 B] Get:122 http://deb.debian.org/debian sid/main arm64 python3-iniconfig all 1.1.1-2 [6396 B] Get:123 http://deb.debian.org/debian sid/main arm64 python3-markupsafe arm64 2.1.5-1+b3 [14.0 kB] Get:124 http://deb.debian.org/debian sid/main arm64 python3-jinja2 all 3.1.3-1 [119 kB] Get:125 http://deb.debian.org/debian sid/main arm64 python3-libnacl all 2.1.0-2 [15.2 kB] Get:126 http://deb.debian.org/debian sid/main arm64 python3-openssl all 24.2.1-1 [53.2 kB] Get:127 http://deb.debian.org/debian sid/main arm64 sphinx-rtd-theme-common all 3.0.2+dfsg-1 [1023 kB] Get:128 http://deb.debian.org/debian sid/main arm64 python3-pkcs11 arm64 0.7.0-1+b4 [386 kB] Get:129 http://deb.debian.org/debian sid/main arm64 python3-pluggy all 1.5.0-1 [26.9 kB] Get:130 http://deb.debian.org/debian sid/main arm64 python3-pygments all 2.18.0+dfsg-1 [836 kB] Get:131 http://deb.debian.org/debian sid/main arm64 python3-pytest all 8.3.3-1 [249 kB] Get:132 http://deb.debian.org/debian sid/main arm64 python3-urllib3 all 2.0.7-2 [111 kB] Get:133 http://deb.debian.org/debian sid/main arm64 python3-requests all 2.32.3+dfsg-1 [71.9 kB] Get:134 http://deb.debian.org/debian sid/main arm64 python3-snowballstemmer all 2.2.0-4 [58.0 kB] Get:135 http://deb.debian.org/debian sid/main arm64 sphinx-common all 7.4.7-4 [731 kB] Get:136 http://deb.debian.org/debian sid/main arm64 python3-sphinx all 7.4.7-4 [588 kB] debconf: delaying package configuration, since apt-utils is not installed Fetched 96.6 MB in 1s (100 MB/s) Selecting previously unselected package fonts-lato. (Reading database ... 17119 files and directories currently installed.) Preparing to unpack .../fonts-lato_2.015-1_all.deb ... Unpacking fonts-lato (2.015-1) ... Selecting previously unselected package libpython3.12-minimal:arm64. Preparing to unpack .../libpython3.12-minimal_3.12.7-3_arm64.deb ... Unpacking libpython3.12-minimal:arm64 (3.12.7-3) ... Selecting previously unselected package libexpat1:arm64. Preparing to unpack .../libexpat1_2.6.4-1_arm64.deb ... Unpacking libexpat1:arm64 (2.6.4-1) ... Selecting previously unselected package python3.12-minimal. Preparing to unpack .../python3.12-minimal_3.12.7-3_arm64.deb ... Unpacking python3.12-minimal (3.12.7-3) ... Setting up libpython3.12-minimal:arm64 (3.12.7-3) ... Setting up libexpat1:arm64 (2.6.4-1) ... Setting up python3.12-minimal (3.12.7-3) ... Selecting previously unselected package python3-minimal. (Reading database ... 17464 files and directories currently installed.) Preparing to unpack .../0-python3-minimal_3.12.7-1_arm64.deb ... Unpacking python3-minimal (3.12.7-1) ... Selecting previously unselected package media-types. Preparing to unpack .../1-media-types_10.1.0_all.deb ... Unpacking media-types (10.1.0) ... Selecting previously unselected package libncursesw6:arm64. Preparing to unpack .../2-libncursesw6_6.5-2+b1_arm64.deb ... Unpacking libncursesw6:arm64 (6.5-2+b1) ... Selecting previously unselected package libtirpc-common. Preparing to unpack .../3-libtirpc-common_1.3.4+ds-1.3_all.deb ... Unpacking libtirpc-common (1.3.4+ds-1.3) ... Selecting previously unselected package libtirpc3t64:arm64. Preparing to unpack .../4-libtirpc3t64_1.3.4+ds-1.3+b1_arm64.deb ... Adding 'diversion of /lib/aarch64-linux-gnu/libtirpc.so.3 to /lib/aarch64-linux-gnu/libtirpc.so.3.usr-is-merged by libtirpc3t64' Adding 'diversion of /lib/aarch64-linux-gnu/libtirpc.so.3.0.0 to /lib/aarch64-linux-gnu/libtirpc.so.3.0.0.usr-is-merged by libtirpc3t64' Unpacking libtirpc3t64:arm64 (1.3.4+ds-1.3+b1) ... Selecting previously unselected package libnsl2:arm64. Preparing to unpack .../5-libnsl2_1.3.0-3+b3_arm64.deb ... Unpacking libnsl2:arm64 (1.3.0-3+b3) ... Selecting previously unselected package libpython3.12-stdlib:arm64. Preparing to unpack .../6-libpython3.12-stdlib_3.12.7-3_arm64.deb ... Unpacking libpython3.12-stdlib:arm64 (3.12.7-3) ... Selecting previously unselected package python3.12. Preparing to unpack .../7-python3.12_3.12.7-3_arm64.deb ... Unpacking python3.12 (3.12.7-3) ... Selecting previously unselected package libpython3-stdlib:arm64. Preparing to unpack .../8-libpython3-stdlib_3.12.7-1_arm64.deb ... Unpacking libpython3-stdlib:arm64 (3.12.7-1) ... Setting up python3-minimal (3.12.7-1) ... Selecting previously unselected package python3. (Reading database ... 17937 files and directories currently installed.) Preparing to unpack .../python3_3.12.7-1_arm64.deb ... Unpacking python3 (3.12.7-1) ... Selecting previously unselected package libpython3.13-minimal:arm64. Preparing to unpack .../libpython3.13-minimal_3.13.0-2_arm64.deb ... Unpacking libpython3.13-minimal:arm64 (3.13.0-2) ... Selecting previously unselected package python3.13-minimal. Preparing to unpack .../python3.13-minimal_3.13.0-2_arm64.deb ... Unpacking python3.13-minimal (3.13.0-2) ... Selecting previously unselected package sgml-base. Preparing to unpack .../sgml-base_1.31_all.deb ... Unpacking sgml-base (1.31) ... Selecting previously unselected package adduser. Preparing to unpack .../archives/adduser_3.137_all.deb ... Unpacking adduser (3.137) ... Setting up adduser (3.137) ... Selecting previously unselected package libc-l10n. (Reading database ... 18378 files and directories currently installed.) Preparing to unpack .../000-libc-l10n_2.40-3_all.deb ... Unpacking libc-l10n (2.40-3) ... Selecting previously unselected package locales. Preparing to unpack .../001-locales_2.40-3_all.deb ... Unpacking locales (2.40-3) ... Selecting previously unselected package libedit2:arm64. Preparing to unpack .../002-libedit2_3.1-20240808-1_arm64.deb ... Unpacking libedit2:arm64 (3.1-20240808-1) ... Selecting previously unselected package libcbor0.10:arm64. Preparing to unpack .../003-libcbor0.10_0.10.2-2_arm64.deb ... Unpacking libcbor0.10:arm64 (0.10.2-2) ... Selecting previously unselected package libfido2-1:arm64. Preparing to unpack .../004-libfido2-1_1.15.0-1+b1_arm64.deb ... Unpacking libfido2-1:arm64 (1.15.0-1+b1) ... Selecting previously unselected package openssh-client. Preparing to unpack .../005-openssh-client_1%3a9.9p1-3_arm64.deb ... Unpacking openssh-client (1:9.9p1-3) ... Selecting previously unselected package m4. Preparing to unpack .../006-m4_1.4.19-4_arm64.deb ... Unpacking m4 (1.4.19-4) ... Selecting previously unselected package autoconf. Preparing to unpack .../007-autoconf_2.72-3_all.deb ... Unpacking autoconf (2.72-3) ... Selecting previously unselected package autotools-dev. Preparing to unpack .../008-autotools-dev_20220109.1_all.deb ... Unpacking autotools-dev (20220109.1) ... Selecting previously unselected package automake. Preparing to unpack .../009-automake_1%3a1.16.5-1.3_all.deb ... Unpacking automake (1:1.16.5-1.3) ... Selecting previously unselected package autopoint. Preparing to unpack .../010-autopoint_0.22.5-2_all.deb ... Unpacking autopoint (0.22.5-2) ... Selecting previously unselected package libc-dev-bin. Preparing to unpack .../011-libc-dev-bin_2.40-3_arm64.deb ... Unpacking libc-dev-bin (2.40-3) ... Selecting previously unselected package linux-libc-dev. Preparing to unpack .../012-linux-libc-dev_6.11.7-1_all.deb ... Unpacking linux-libc-dev (6.11.7-1) ... Selecting previously unselected package libcrypt-dev:arm64. Preparing to unpack .../013-libcrypt-dev_1%3a4.4.36-5_arm64.deb ... Unpacking libcrypt-dev:arm64 (1:4.4.36-5) ... Selecting previously unselected package rpcsvc-proto. Preparing to unpack .../014-rpcsvc-proto_1.4.3-1+b1_arm64.deb ... Unpacking rpcsvc-proto (1.4.3-1+b1) ... Selecting previously unselected package libc6-dev:arm64. Preparing to unpack .../015-libc6-dev_2.40-3_arm64.deb ... Unpacking libc6-dev:arm64 (2.40-3) ... Selecting previously unselected package libisl23:arm64. Preparing to unpack .../016-libisl23_0.27-1_arm64.deb ... Unpacking libisl23:arm64 (0.27-1) ... Selecting previously unselected package libmpfr6:arm64. Preparing to unpack .../017-libmpfr6_4.2.1-1+b2_arm64.deb ... Unpacking libmpfr6:arm64 (4.2.1-1+b2) ... Selecting previously unselected package libmpc3:arm64. Preparing to unpack .../018-libmpc3_1.3.1-1+b3_arm64.deb ... Unpacking libmpc3:arm64 (1.3.1-1+b3) ... Selecting previously unselected package cpp-14-aarch64-linux-gnu. Preparing to unpack .../019-cpp-14-aarch64-linux-gnu_14.2.0-8_arm64.deb ... Unpacking cpp-14-aarch64-linux-gnu (14.2.0-8) ... Selecting previously unselected package cpp-14. Preparing to unpack .../020-cpp-14_14.2.0-8_arm64.deb ... Unpacking cpp-14 (14.2.0-8) ... Selecting previously unselected package cpp-aarch64-linux-gnu. Preparing to unpack .../021-cpp-aarch64-linux-gnu_4%3a14.2.0-1_arm64.deb ... Unpacking cpp-aarch64-linux-gnu (4:14.2.0-1) ... Selecting previously unselected package cpp. Preparing to unpack .../022-cpp_4%3a14.2.0-1_arm64.deb ... Unpacking cpp (4:14.2.0-1) ... Selecting previously unselected package libcc1-0:arm64. Preparing to unpack .../023-libcc1-0_14.2.0-8_arm64.deb ... Unpacking libcc1-0:arm64 (14.2.0-8) ... Selecting previously unselected package libitm1:arm64. Preparing to unpack .../024-libitm1_14.2.0-8_arm64.deb ... Unpacking libitm1:arm64 (14.2.0-8) ... Selecting previously unselected package libasan8:arm64. Preparing to unpack .../025-libasan8_14.2.0-8_arm64.deb ... Unpacking libasan8:arm64 (14.2.0-8) ... Selecting previously unselected package liblsan0:arm64. Preparing to unpack .../026-liblsan0_14.2.0-8_arm64.deb ... Unpacking liblsan0:arm64 (14.2.0-8) ... Selecting previously unselected package libtsan2:arm64. Preparing to unpack .../027-libtsan2_14.2.0-8_arm64.deb ... Unpacking libtsan2:arm64 (14.2.0-8) ... Selecting previously unselected package libubsan1:arm64. Preparing to unpack .../028-libubsan1_14.2.0-8_arm64.deb ... Unpacking libubsan1:arm64 (14.2.0-8) ... Selecting previously unselected package libhwasan0:arm64. Preparing to unpack .../029-libhwasan0_14.2.0-8_arm64.deb ... Unpacking libhwasan0:arm64 (14.2.0-8) ... Selecting previously unselected package libgcc-14-dev:arm64. Preparing to unpack .../030-libgcc-14-dev_14.2.0-8_arm64.deb ... Unpacking libgcc-14-dev:arm64 (14.2.0-8) ... Selecting previously unselected package gcc-14-aarch64-linux-gnu. Preparing to unpack .../031-gcc-14-aarch64-linux-gnu_14.2.0-8_arm64.deb ... Unpacking gcc-14-aarch64-linux-gnu (14.2.0-8) ... Selecting previously unselected package gcc-14. Preparing to unpack .../032-gcc-14_14.2.0-8_arm64.deb ... Unpacking gcc-14 (14.2.0-8) ... Selecting previously unselected package gcc-aarch64-linux-gnu. Preparing to unpack .../033-gcc-aarch64-linux-gnu_4%3a14.2.0-1_arm64.deb ... Unpacking gcc-aarch64-linux-gnu (4:14.2.0-1) ... Selecting previously unselected package gcc. Preparing to unpack .../034-gcc_4%3a14.2.0-1_arm64.deb ... Unpacking gcc (4:14.2.0-1) ... Selecting previously unselected package libstdc++-14-dev:arm64. Preparing to unpack .../035-libstdc++-14-dev_14.2.0-8_arm64.deb ... Unpacking libstdc++-14-dev:arm64 (14.2.0-8) ... Selecting previously unselected package g++-14-aarch64-linux-gnu. Preparing to unpack .../036-g++-14-aarch64-linux-gnu_14.2.0-8_arm64.deb ... Unpacking g++-14-aarch64-linux-gnu (14.2.0-8) ... Selecting previously unselected package g++-14. Preparing to unpack .../037-g++-14_14.2.0-8_arm64.deb ... Unpacking g++-14 (14.2.0-8) ... Selecting previously unselected package g++-aarch64-linux-gnu. Preparing to unpack .../038-g++-aarch64-linux-gnu_4%3a14.2.0-1_arm64.deb ... Unpacking g++-aarch64-linux-gnu (4:14.2.0-1) ... Selecting previously unselected package g++. Preparing to unpack .../039-g++_4%3a14.2.0-1_arm64.deb ... Unpacking g++ (4:14.2.0-1) ... Selecting previously unselected package build-essential. Preparing to unpack .../040-build-essential_12.12_arm64.deb ... Unpacking build-essential (12.12) ... Selecting previously unselected package libdebhelper-perl. Preparing to unpack .../041-libdebhelper-perl_13.20_all.deb ... Unpacking libdebhelper-perl (13.20) ... Selecting previously unselected package libtool. Preparing to unpack .../042-libtool_2.4.7-8_all.deb ... Unpacking libtool (2.4.7-8) ... Selecting previously unselected package dh-autoreconf. Preparing to unpack .../043-dh-autoreconf_20_all.deb ... Unpacking dh-autoreconf (20) ... Selecting previously unselected package libfile-stripnondeterminism-perl. Preparing to unpack .../044-libfile-stripnondeterminism-perl_1.14.0-1_all.deb ... Unpacking libfile-stripnondeterminism-perl (1.14.0-1) ... Selecting previously unselected package dh-strip-nondeterminism. Preparing to unpack .../045-dh-strip-nondeterminism_1.14.0-1_all.deb ... Unpacking dh-strip-nondeterminism (1.14.0-1) ... Selecting previously unselected package libelf1t64:arm64. Preparing to unpack .../046-libelf1t64_0.192-4_arm64.deb ... Unpacking libelf1t64:arm64 (0.192-4) ... Selecting previously unselected package dwz. Preparing to unpack .../047-dwz_0.15-1+b1_arm64.deb ... Unpacking dwz (0.15-1+b1) ... Selecting previously unselected package po-debconf. Preparing to unpack .../048-po-debconf_1.0.21+nmu1_all.deb ... Unpacking po-debconf (1.0.21+nmu1) ... Selecting previously unselected package debhelper. Preparing to unpack .../049-debhelper_13.20_all.deb ... Unpacking debhelper (13.20) ... Selecting previously unselected package python3-autocommand. Preparing to unpack .../050-python3-autocommand_2.2.2-3_all.deb ... Unpacking python3-autocommand (2.2.2-3) ... Selecting previously unselected package python3-more-itertools. Preparing to unpack .../051-python3-more-itertools_10.5.0-1_all.deb ... Unpacking python3-more-itertools (10.5.0-1) ... Selecting previously unselected package python3-typing-extensions. Preparing to unpack .../052-python3-typing-extensions_4.12.2-2_all.deb ... Unpacking python3-typing-extensions (4.12.2-2) ... Selecting previously unselected package python3-typeguard. Preparing to unpack .../053-python3-typeguard_4.4.1-1_all.deb ... Unpacking python3-typeguard (4.4.1-1) ... Selecting previously unselected package python3-inflect. Preparing to unpack .../054-python3-inflect_7.3.1-2_all.deb ... Unpacking python3-inflect (7.3.1-2) ... Selecting previously unselected package python3-jaraco.context. Preparing to unpack .../055-python3-jaraco.context_6.0.0-1_all.deb ... Unpacking python3-jaraco.context (6.0.0-1) ... Selecting previously unselected package python3-jaraco.functools. Preparing to unpack .../056-python3-jaraco.functools_4.1.0-1_all.deb ... Unpacking python3-jaraco.functools (4.1.0-1) ... Selecting previously unselected package python3-pkg-resources. Preparing to unpack .../057-python3-pkg-resources_75.2.0-1_all.deb ... Unpacking python3-pkg-resources (75.2.0-1) ... Selecting previously unselected package python3-jaraco.text. Preparing to unpack .../058-python3-jaraco.text_4.0.0-1_all.deb ... Unpacking python3-jaraco.text (4.0.0-1) ... Selecting previously unselected package python3-zipp. Preparing to unpack .../059-python3-zipp_3.21.0-1_all.deb ... Unpacking python3-zipp (3.21.0-1) ... Selecting previously unselected package python3-setuptools. Preparing to unpack .../060-python3-setuptools_75.2.0-1_all.deb ... Unpacking python3-setuptools (75.2.0-1) ... Selecting previously unselected package dh-python. Preparing to unpack .../061-dh-python_6.20241024_all.deb ... Unpacking dh-python (6.20241024) ... Selecting previously unselected package xml-core. Preparing to unpack .../062-xml-core_0.19_all.deb ... Unpacking xml-core (0.19) ... Selecting previously unselected package docutils-common. Preparing to unpack .../063-docutils-common_0.21.2+dfsg-2_all.deb ... Unpacking docutils-common (0.21.2+dfsg-2) ... Selecting previously unselected package libfakeroot:arm64. Preparing to unpack .../064-libfakeroot_1.36-1_arm64.deb ... Unpacking libfakeroot:arm64 (1.36-1) ... Selecting previously unselected package fakeroot. Preparing to unpack .../065-fakeroot_1.36-1_arm64.deb ... Unpacking fakeroot (1.36-1) ... Selecting previously unselected package fonts-font-awesome. Preparing to unpack .../066-fonts-font-awesome_5.0.10+really4.7.0~dfsg-4.1_all.deb ... Unpacking fonts-font-awesome (5.0.10+really4.7.0~dfsg-4.1) ... Selecting previously unselected package libjs-jquery. Preparing to unpack .../067-libjs-jquery_3.6.1+dfsg+~3.5.14-1_all.deb ... Unpacking libjs-jquery (3.6.1+dfsg+~3.5.14-1) ... Selecting previously unselected package libjs-underscore. Preparing to unpack .../068-libjs-underscore_1.13.4~dfsg+~1.11.4-3_all.deb ... Unpacking libjs-underscore (1.13.4~dfsg+~1.11.4-3) ... Selecting previously unselected package libjs-sphinxdoc. Preparing to unpack .../069-libjs-sphinxdoc_7.4.7-4_all.deb ... Unpacking libjs-sphinxdoc (7.4.7-4) ... Selecting previously unselected package libjson-perl. Preparing to unpack .../070-libjson-perl_4.10000-1_all.deb ... Unpacking libjson-perl (4.10000-1) ... Selecting previously unselected package libpython3.13-stdlib:arm64. Preparing to unpack .../071-libpython3.13-stdlib_3.13.0-2_arm64.deb ... Unpacking libpython3.13-stdlib:arm64 (3.13.0-2) ... Selecting previously unselected package libsodium23:arm64. Preparing to unpack .../072-libsodium23_1.0.18-1+b2_arm64.deb ... Unpacking libsodium23:arm64 (1.0.18-1+b2) ... Selecting previously unselected package localehelper. Preparing to unpack .../073-localehelper_0.1.4-3.1_all.deb ... Unpacking localehelper (0.1.4-3.1) ... Selecting previously unselected package python3-packaging. Preparing to unpack .../074-python3-packaging_24.2-1_all.deb ... Unpacking python3-packaging (24.2-1) ... Selecting previously unselected package python3-pyproject-hooks. Preparing to unpack .../075-python3-pyproject-hooks_1.2.0-1_all.deb ... Unpacking python3-pyproject-hooks (1.2.0-1) ... Selecting previously unselected package python3-toml. Preparing to unpack .../076-python3-toml_0.10.2-1_all.deb ... Unpacking python3-toml (0.10.2-1) ... Selecting previously unselected package python3-wheel. Preparing to unpack .../077-python3-wheel_0.45.0-1_all.deb ... Unpacking python3-wheel (0.45.0-1) ... Selecting previously unselected package python3-build. Preparing to unpack .../078-python3-build_1.2.2-1_all.deb ... Unpacking python3-build (1.2.2-1) ... Selecting previously unselected package python3-installer. Preparing to unpack .../079-python3-installer_0.7.0+dfsg1-3_all.deb ... Unpacking python3-installer (0.7.0+dfsg1-3) ... Selecting previously unselected package pybuild-plugin-pyproject. Preparing to unpack .../080-pybuild-plugin-pyproject_6.20241024_all.deb ... Unpacking pybuild-plugin-pyproject (6.20241024) ... Selecting previously unselected package python-babel-localedata. Preparing to unpack .../081-python-babel-localedata_2.16.0-1_all.deb ... Unpacking python-babel-localedata (2.16.0-1) ... Selecting previously unselected package python3-alabaster. Preparing to unpack .../082-python3-alabaster_0.7.16-0.1_all.deb ... Unpacking python3-alabaster (0.7.16-0.1) ... Selecting previously unselected package python3.13. Preparing to unpack .../083-python3.13_3.13.0-2_arm64.deb ... Unpacking python3.13 (3.13.0-2) ... Selecting previously unselected package python3-all. Preparing to unpack .../084-python3-all_3.12.7-1_arm64.deb ... Unpacking python3-all (3.12.7-1) ... Selecting previously unselected package python3-asn1crypto. Preparing to unpack .../085-python3-asn1crypto_1.5.1-3_all.deb ... Unpacking python3-asn1crypto (1.5.1-3) ... Selecting previously unselected package python3-babel. Preparing to unpack .../086-python3-babel_2.16.0-1_all.deb ... Unpacking python3-babel (2.16.0-1) ... Selecting previously unselected package python3-bcrypt. Preparing to unpack .../087-python3-bcrypt_4.2.0-2_arm64.deb ... Unpacking python3-bcrypt (4.2.0-2) ... Selecting previously unselected package python3-cached-property. Preparing to unpack .../088-python3-cached-property_1.5.2-1_all.deb ... Unpacking python3-cached-property (1.5.2-1) ... Selecting previously unselected package python3-certifi. Preparing to unpack .../089-python3-certifi_2024.8.30+dfsg-1_all.deb ... Unpacking python3-certifi (2024.8.30+dfsg-1) ... Selecting previously unselected package python3-cffi-backend:arm64. Preparing to unpack .../090-python3-cffi-backend_1.17.1-2+b1_arm64.deb ... Unpacking python3-cffi-backend:arm64 (1.17.1-2+b1) ... Selecting previously unselected package python3-chardet. Preparing to unpack .../091-python3-chardet_5.2.0+dfsg-1_all.deb ... Unpacking python3-chardet (5.2.0+dfsg-1) ... Selecting previously unselected package python3-charset-normalizer. Preparing to unpack .../092-python3-charset-normalizer_3.4.0-1+b1_arm64.deb ... Unpacking python3-charset-normalizer (3.4.0-1+b1) ... Selecting previously unselected package python3-cryptography. Preparing to unpack .../093-python3-cryptography_43.0.0-1_arm64.deb ... Unpacking python3-cryptography (43.0.0-1) ... Selecting previously unselected package python3-decorator. Preparing to unpack .../094-python3-decorator_5.1.1-5_all.deb ... Unpacking python3-decorator (5.1.1-5) ... Selecting previously unselected package python3-defusedxml. Preparing to unpack .../095-python3-defusedxml_0.7.1-2_all.deb ... Unpacking python3-defusedxml (0.7.1-2) ... Selecting previously unselected package python3-roman. Preparing to unpack .../096-python3-roman_4.2-1_all.deb ... Unpacking python3-roman (4.2-1) ... Selecting previously unselected package python3-docutils. Preparing to unpack .../097-python3-docutils_0.21.2+dfsg-2_all.deb ... Unpacking python3-docutils (0.21.2+dfsg-2) ... Selecting previously unselected package python3-fido2. Preparing to unpack .../098-python3-fido2_1.1.3-1_all.deb ... Unpacking python3-fido2 (1.1.3-1) ... Selecting previously unselected package python3-gssapi. Preparing to unpack .../099-python3-gssapi_1.9.0-1+b1_arm64.deb ... Unpacking python3-gssapi (1.9.0-1+b1) ... Selecting previously unselected package python3-idna. Preparing to unpack .../100-python3-idna_3.8-2_all.deb ... Unpacking python3-idna (3.8-2) ... Selecting previously unselected package python3-imagesize. Preparing to unpack .../101-python3-imagesize_1.4.1-1_all.deb ... Unpacking python3-imagesize (1.4.1-1) ... Selecting previously unselected package python3-iniconfig. Preparing to unpack .../102-python3-iniconfig_1.1.1-2_all.deb ... Unpacking python3-iniconfig (1.1.1-2) ... Selecting previously unselected package python3-markupsafe. Preparing to unpack .../103-python3-markupsafe_2.1.5-1+b3_arm64.deb ... Unpacking python3-markupsafe (2.1.5-1+b3) ... Selecting previously unselected package python3-jinja2. Preparing to unpack .../104-python3-jinja2_3.1.3-1_all.deb ... Unpacking python3-jinja2 (3.1.3-1) ... Selecting previously unselected package python3-libnacl. Preparing to unpack .../105-python3-libnacl_2.1.0-2_all.deb ... Unpacking python3-libnacl (2.1.0-2) ... Selecting previously unselected package python3-openssl. Preparing to unpack .../106-python3-openssl_24.2.1-1_all.deb ... Unpacking python3-openssl (24.2.1-1) ... Selecting previously unselected package sphinx-rtd-theme-common. Preparing to unpack .../107-sphinx-rtd-theme-common_3.0.2+dfsg-1_all.deb ... Unpacking sphinx-rtd-theme-common (3.0.2+dfsg-1) ... Selecting previously unselected package python3-pkcs11. Preparing to unpack .../108-python3-pkcs11_0.7.0-1+b4_arm64.deb ... Unpacking python3-pkcs11 (0.7.0-1+b4) ... Selecting previously unselected package python3-pluggy. Preparing to unpack .../109-python3-pluggy_1.5.0-1_all.deb ... Unpacking python3-pluggy (1.5.0-1) ... Selecting previously unselected package python3-pygments. Preparing to unpack .../110-python3-pygments_2.18.0+dfsg-1_all.deb ... Unpacking python3-pygments (2.18.0+dfsg-1) ... Selecting previously unselected package python3-pytest. Preparing to unpack .../111-python3-pytest_8.3.3-1_all.deb ... Unpacking python3-pytest (8.3.3-1) ... Selecting previously unselected package python3-urllib3. Preparing to unpack .../112-python3-urllib3_2.0.7-2_all.deb ... Unpacking python3-urllib3 (2.0.7-2) ... Selecting previously unselected package python3-requests. Preparing to unpack .../113-python3-requests_2.32.3+dfsg-1_all.deb ... Unpacking python3-requests (2.32.3+dfsg-1) ... Selecting previously unselected package python3-snowballstemmer. Preparing to unpack .../114-python3-snowballstemmer_2.2.0-4_all.deb ... Unpacking python3-snowballstemmer (2.2.0-4) ... Selecting previously unselected package sphinx-common. Preparing to unpack .../115-sphinx-common_7.4.7-4_all.deb ... Unpacking sphinx-common (7.4.7-4) ... Selecting previously unselected package python3-sphinx. Preparing to unpack .../116-python3-sphinx_7.4.7-4_all.deb ... Unpacking python3-sphinx (7.4.7-4) ... Selecting previously unselected package sbuild-build-depends-main-dummy. Preparing to unpack .../117-sbuild-build-depends-main-dummy_0.invalid.0_arm64.deb ... Unpacking sbuild-build-depends-main-dummy (0.invalid.0) ... Setting up media-types (10.1.0) ... Setting up libfile-stripnondeterminism-perl (1.14.0-1) ... Setting up libc-l10n (2.40-3) ... Setting up fonts-lato (2.015-1) ... Setting up libsodium23:arm64 (1.0.18-1+b2) ... Setting up libcbor0.10:arm64 (0.10.2-2) ... Setting up libtirpc-common (1.3.4+ds-1.3) ... Setting up po-debconf (1.0.21+nmu1) ... Setting up libdebhelper-perl (13.20) ... Setting up libedit2:arm64 (3.1-20240808-1) ... Setting up linux-libc-dev (6.11.7-1) ... Setting up m4 (1.4.19-4) ... Setting up locales (2.40-3) ... Generating locales (this might take a while)... Generation complete. Setting up libfakeroot:arm64 (1.36-1) ... Setting up libelf1t64:arm64 (0.192-4) ... Setting up python-babel-localedata (2.16.0-1) ... Setting up fakeroot (1.36-1) ... update-alternatives: using /usr/bin/fakeroot-sysv to provide /usr/bin/fakeroot (fakeroot) in auto mode Setting up libpython3.13-minimal:arm64 (3.13.0-2) ... Setting up autotools-dev (20220109.1) ... Setting up localehelper (0.1.4-3.1) ... Setting up rpcsvc-proto (1.4.3-1+b1) ... Setting up libmpfr6:arm64 (4.2.1-1+b2) ... Setting up libmpc3:arm64 (1.3.1-1+b3) ... Setting up autopoint (0.22.5-2) ... Setting up libncursesw6:arm64 (6.5-2+b1) ... Setting up autoconf (2.72-3) ... Setting up libubsan1:arm64 (14.2.0-8) ... Setting up dh-strip-nondeterminism (1.14.0-1) ... Setting up dwz (0.15-1+b1) ... Setting up libhwasan0:arm64 (14.2.0-8) ... Setting up libcrypt-dev:arm64 (1:4.4.36-5) ... Setting up libasan8:arm64 (14.2.0-8) ... Setting up libjson-perl (4.10000-1) ... Setting up python3.13-minimal (3.13.0-2) ... Setting up sgml-base (1.31) ... Setting up libtsan2:arm64 (14.2.0-8) ... Setting up libjs-jquery (3.6.1+dfsg+~3.5.14-1) ... Setting up libfido2-1:arm64 (1.15.0-1+b1) ... Setting up libisl23:arm64 (0.27-1) ... Setting up libc-dev-bin (2.40-3) ... Setting up libpython3.13-stdlib:arm64 (3.13.0-2) ... Setting up fonts-font-awesome (5.0.10+really4.7.0~dfsg-4.1) ... Setting up sphinx-rtd-theme-common (3.0.2+dfsg-1) ... Setting up libcc1-0:arm64 (14.2.0-8) ... Setting up liblsan0:arm64 (14.2.0-8) ... Setting up libitm1:arm64 (14.2.0-8) ... Setting up libjs-underscore (1.13.4~dfsg+~1.11.4-3) ... Setting up automake (1:1.16.5-1.3) ... update-alternatives: using /usr/bin/automake-1.16 to provide /usr/bin/automake (automake) in auto mode Setting up libtirpc3t64:arm64 (1.3.4+ds-1.3+b1) ... Setting up python3.13 (3.13.0-2) ... Setting up openssh-client (1:9.9p1-3) ... Setting up libjs-sphinxdoc (7.4.7-4) ... Setting up cpp-14-aarch64-linux-gnu (14.2.0-8) ... Setting up xml-core (0.19) ... Setting up libnsl2:arm64 (1.3.0-3+b3) ... Setting up libc6-dev:arm64 (2.40-3) ... Setting up libgcc-14-dev:arm64 (14.2.0-8) ... Setting up libstdc++-14-dev:arm64 (14.2.0-8) ... Setting up libpython3.12-stdlib:arm64 (3.12.7-3) ... Setting up python3.12 (3.12.7-3) ... Setting up cpp-aarch64-linux-gnu (4:14.2.0-1) ... Setting up sphinx-common (7.4.7-4) ... Setting up cpp-14 (14.2.0-8) ... Setting up cpp (4:14.2.0-1) ... Setting up gcc-14-aarch64-linux-gnu (14.2.0-8) ... Setting up libpython3-stdlib:arm64 (3.12.7-1) ... Setting up gcc-aarch64-linux-gnu (4:14.2.0-1) ... Setting up g++-14-aarch64-linux-gnu (14.2.0-8) ... Setting up python3 (3.12.7-1) ... Setting up python3-zipp (3.21.0-1) ... Setting up python3-autocommand (2.2.2-3) ... Setting up python3-markupsafe (2.1.5-1+b3) ... Setting up python3-wheel (0.45.0-1) ... Setting up gcc-14 (14.2.0-8) ... Setting up python3-roman (4.2-1) ... Setting up python3-decorator (5.1.1-5) ... Setting up python3-jinja2 (3.1.3-1) ... Setting up python3-packaging (24.2-1) ... Setting up python3-gssapi (1.9.0-1+b1) ... Setting up python3-pyproject-hooks (1.2.0-1) ... Setting up python3-certifi (2024.8.30+dfsg-1) ... Setting up python3-snowballstemmer (2.2.0-4) ... Setting up python3-idna (3.8-2) ... Setting up python3-typing-extensions (4.12.2-2) ... Setting up python3-libnacl (2.1.0-2) ... Setting up python3-toml (0.10.2-1) ... Setting up python3-installer (0.7.0+dfsg1-3) ... Setting up python3-urllib3 (2.0.7-2) ... Setting up python3-pluggy (1.5.0-1) ... Setting up g++-aarch64-linux-gnu (4:14.2.0-1) ... Setting up g++-14 (14.2.0-8) ... Setting up python3-build (1.2.2-1) ... Setting up python3-asn1crypto (1.5.1-3) ... Setting up python3-cffi-backend:arm64 (1.17.1-2+b1) ... Setting up python3-imagesize (1.4.1-1) ... Setting up python3-more-itertools (10.5.0-1) ... Setting up python3-iniconfig (1.1.1-2) ... Setting up python3-jaraco.functools (4.1.0-1) ... Setting up python3-jaraco.context (6.0.0-1) ... Setting up libtool (2.4.7-8) ... Setting up python3-defusedxml (0.7.1-2) ... Setting up python3-charset-normalizer (3.4.0-1+b1) ... Setting up python3-pytest (8.3.3-1) ... Setting up python3-alabaster (0.7.16-0.1) ... Setting up python3-bcrypt (4.2.0-2) ... Setting up python3-typeguard (4.4.1-1) ... Setting up python3-all (3.12.7-1) ... Setting up gcc (4:14.2.0-1) ... Setting up dh-autoreconf (20) ... Setting up python3-inflect (7.3.1-2) ... Setting up python3-jaraco.text (4.0.0-1) ... Setting up python3-cryptography (43.0.0-1) ... Setting up g++ (4:14.2.0-1) ... update-alternatives: using /usr/bin/g++ to provide /usr/bin/c++ (c++) in auto mode Setting up build-essential (12.12) ... Setting up python3-pkg-resources (75.2.0-1) ... Setting up python3-fido2 (1.1.3-1) ... Setting up python3-cached-property (1.5.2-1) ... Setting up python3-setuptools (75.2.0-1) ... Setting up python3-babel (2.16.0-1) ... update-alternatives: using /usr/bin/pybabel-python3 to provide /usr/bin/pybabel (pybabel) in auto mode Setting up python3-openssl (24.2.1-1) ... Setting up debhelper (13.20) ... Setting up python3-pkcs11 (0.7.0-1+b4) ... Setting up python3-pygments (2.18.0+dfsg-1) ... Setting up python3-chardet (5.2.0+dfsg-1) ... Setting up python3-requests (2.32.3+dfsg-1) ... Setting up dh-python (6.20241024) ... Setting up pybuild-plugin-pyproject (6.20241024) ... Processing triggers for libc-bin (2.40-3) ... Processing triggers for man-db (2.13.0-1) ... Processing triggers for sgml-base (1.31) ... Setting up docutils-common (0.21.2+dfsg-2) ... Processing triggers for sgml-base (1.31) ... Setting up python3-docutils (0.21.2+dfsg-2) ... Setting up python3-sphinx (7.4.7-4) ... Setting up sbuild-build-depends-main-dummy (0.invalid.0) ... +------------------------------------------------------------------------------+ | Check architectures | +------------------------------------------------------------------------------+ Arch check ok (arm64 included in all) +------------------------------------------------------------------------------+ | Build environment | +------------------------------------------------------------------------------+ Kernel: Linux 6.1.0-27-cloud-arm64 #1 SMP Debian 6.1.115-1 (2024-11-01) arm64 (aarch64) Toolchain package versions: binutils_2.43.1-5 dpkg-dev_1.22.12~1.gbp82cafd g++-14_14.2.0-8 gcc-14_14.2.0-8 libc6-dev_2.40-3 libstdc++-14-dev_14.2.0-8 libstdc++6_14.2.0-8 linux-libc-dev_6.11.7-1 Package versions: adduser_3.137 appstream_1.0.3-1+b1 apt_2.9.11 autoconf_2.72-3 automake_1:1.16.5-1.3 autopoint_0.22.5-2 autotools-dev_20220109.1 base-files_13.5 base-passwd_3.6.5 bash_5.2.32-1+b2 binutils_2.43.1-5 binutils-aarch64-linux-gnu_2.43.1-5 binutils-common_2.43.1-5 bsdextrautils_2.40.2-11 bsdutils_1:2.40.2-11 build-essential_12.12 bzip2_1.0.8-6 ca-certificates_20240203 coreutils_9.5-1+b1 cpp_4:14.2.0-1 cpp-14_14.2.0-8 cpp-14-aarch64-linux-gnu_14.2.0-8 cpp-aarch64-linux-gnu_4:14.2.0-1 dash_0.5.12-9+b1 debconf_1.5.87 debhelper_13.20 debian-archive-keyring_2023.4 debianutils_5.21 dh-autoreconf_20 dh-python_6.20241024 dh-strip-nondeterminism_1.14.0-1 diffstat_1.66-1+b1 diffutils_1:3.10-1+b1 docutils-common_0.21.2+dfsg-2 dpkg_1.22.12~1.gbp82cafd dpkg-dev_1.22.12~1.gbp82cafd dwz_0.15-1+b1 e2fsprogs_1.47.1-1+b1 fakeroot_1.36-1 file_1:5.45-3+b1 findutils_4.10.0-3 fonts-font-awesome_5.0.10+really4.7.0~dfsg-4.1 fonts-lato_2.015-1 g++_4:14.2.0-1 g++-14_14.2.0-8 g++-14-aarch64-linux-gnu_14.2.0-8 g++-aarch64-linux-gnu_4:14.2.0-1 gcc_4:14.2.0-1 gcc-14_14.2.0-8 gcc-14-aarch64-linux-gnu_14.2.0-8 gcc-14-base_14.2.0-8 gcc-aarch64-linux-gnu_4:14.2.0-1 gettext_0.22.5-2 gettext-base_0.22.5-2 gpg_2.2.45-2 gpgconf_2.2.45-2 gpgv_2.2.45-2 grep_3.11-4+b1 groff-base_1.23.0-5 gzip_1.12-1.1+b1 hostname_3.25 init-system-helpers_1.67 intltool-debian_0.35.0+20060710.6 iso-codes_4.17.0-1 libacl1_2.3.2-2+b1 libaliased-perl_0.34-3 libappstream5_1.0.3-1+b1 libapt-pkg-perl_0.1.40+b6 libapt-pkg6.0t64_2.9.11 libarchive-zip-perl_1.68-1 libasan8_14.2.0-8 libassuan9_3.0.1-2 libatomic1_14.2.0-8 libattr1_1:2.5.2-2 libaudit-common_1:4.0.2-2 libaudit1_1:4.0.2-2 libb-hooks-endofscope-perl_0.28-1 libb-hooks-op-check-perl_0.22-3+b2 libberkeleydb-perl_0.66-1 libbinutils_2.43.1-5 libblkid1_2.40.2-11 libbrotli1_1.1.0-2+b6 libbsd0_0.12.2-2 libbz2-1.0_1.0.8-6 libc-bin_2.40-3 libc-dev-bin_2.40-3 libc-l10n_2.40-3 libc6_2.40-3 libc6-dev_2.40-3 libcap-ng0_0.8.5-3+b1 libcap2_1:2.66-5+b1 libcapture-tiny-perl_0.48-2 libcbor0.10_0.10.2-2 libcc1-0_14.2.0-8 libcgi-pm-perl_4.66-1 libclass-data-inheritable-perl_0.10-1 libclass-inspector-perl_1.36-3 libclass-method-modifiers-perl_2.15-1 libclass-xsaccessor-perl_1.19-4+b4 libclone-perl_0.47-1+b1 libcom-err2_1.47.1-1+b1 libconfig-tiny-perl_2.30-1 libconst-fast-perl_0.014-2 libcpanel-json-xs-perl_4.38-1+b1 libcrypt-dev_1:4.4.36-5 libcrypt1_1:4.4.36-5 libctf-nobfd0_2.43.1-5 libctf0_2.43.1-5 libcurl3t64-gnutls_8.11.0-1 libdata-dpath-perl_0.60-1 libdata-messagepack-perl_1.02-1+b4 libdata-optlist-perl_0.114-1 libdata-validate-domain-perl_0.15-1 libdata-validate-ip-perl_0.31-1 libdata-validate-uri-perl_0.07-3 libdb5.3t64_5.3.28+dfsg2-9 libdebconfclient0_0.273 libdebhelper-perl_13.20 libdevel-callchecker-perl_0.009-1+b1 libdevel-size-perl_0.84-1+b1 libdevel-stacktrace-perl_2.0500-1 libdpkg-perl_1.22.12~1.gbp82cafd libdynaloader-functions-perl_0.004-1 libedit2_3.1-20240808-1 libelf1t64_0.192-4 libemail-address-xs-perl_1.05-1+b4 libencode-locale-perl_1.05-3 libexception-class-perl_1.45-1 libexpat1_2.6.4-1 libext2fs2t64_1.47.1-1+b1 libfakeroot_1.36-1 libffi8_3.4.6-1 libfido2-1_1.15.0-1+b1 libfile-basedir-perl_0.09-2 libfile-find-rule-perl_0.34-3 libfile-listing-perl_6.16-1 libfile-sharedir-perl_1.118-3 libfile-stripnondeterminism-perl_1.14.0-1 libfont-ttf-perl_1.06-2 libgcc-14-dev_14.2.0-8 libgcc-s1_14.2.0-8 libgcrypt20_1.11.0-6 libgdbm-compat4t64_1.24-2 libgdbm6t64_1.24-2 libglib2.0-0t64_2.82.2-3 libgmp10_2:6.3.0+dfsg-2+b2 libgnutls30t64_3.8.8-2 libgomp1_14.2.0-8 libgpg-error0_1.50-4 libgprofng0_2.43.1-5 libgssapi-krb5-2_1.21.3-3 libhogweed6t64_3.10-1+b1 libhtml-form-perl_6.12-1 libhtml-html5-entities-perl_0.004-3 libhtml-parser-perl_3.83-1+b1 libhtml-tagset-perl_3.24-1 libhtml-tokeparser-simple-perl_3.16-4 libhtml-tree-perl_5.07-3 libhttp-cookies-perl_6.11-1 libhttp-date-perl_6.06-1 libhttp-message-perl_7.00-2 libhttp-negotiate-perl_6.01-2 libhwasan0_14.2.0-8 libicu72_72.1-5+b1 libidn2-0_2.3.7-2+b1 libimport-into-perl_1.002005-2 libio-html-perl_1.004-3 libio-interactive-perl_1.025-1 libio-socket-ssl-perl_2.089-1 libio-string-perl_1.08-4 libipc-run3-perl_0.049-1 libipc-system-simple-perl_1.30-2 libisl23_0.27-1 libiterator-perl_0.03+ds1-2 libiterator-util-perl_0.02+ds1-2 libitm1_14.2.0-8 libjansson4_2.14-2+b3 libjs-jquery_3.6.1+dfsg+~3.5.14-1 libjs-sphinxdoc_7.4.7-4 libjs-underscore_1.13.4~dfsg+~1.11.4-3 libjson-maybexs-perl_1.004008-1 libjson-perl_4.10000-1 libk5crypto3_1.21.3-3 libkeyutils1_1.6.3-4 libkrb5-3_1.21.3-3 libkrb5support0_1.21.3-3 libldap-2.5-0_2.5.18+dfsg-3+b1 liblist-compare-perl_0.55-2 liblist-someutils-perl_0.59-1 liblist-utilsby-perl_0.12-2 liblsan0_14.2.0-8 liblwp-mediatypes-perl_6.04-2 liblwp-protocol-https-perl_6.14-1 liblz1_1.15~pre2-1 liblz4-1_1.9.4-3+b1 liblzma5_5.6.3-1+b1 liblzo2-2_2.10-3+b1 libmagic-mgc_1:5.45-3+b1 libmagic1t64_1:5.45-3+b1 libmarkdown2_2.2.7-2.1 libmd0_1.1.0-2+b1 libmldbm-perl_2.05-4 libmodule-implementation-perl_0.09-2 libmodule-runtime-perl_0.016-2 libmoo-perl_2.005005-1 libmoox-aliases-perl_0.001006-2 libmount1_2.40.2-11 libmouse-perl_2.5.11-1+b1 libmpc3_1.3.1-1+b3 libmpfr6_4.2.1-1+b2 libnamespace-clean-perl_0.27-2 libncursesw6_6.5-2+b1 libnet-domain-tld-perl_1.75-4 libnet-http-perl_6.23-1 libnet-ipv6addr-perl_1.02-1 libnet-netmask-perl_2.0002-2 libnet-ssleay-perl_1.94-2 libnetaddr-ip-perl_4.079+dfsg-2+b4 libnettle8t64_3.10-1+b1 libnghttp2-14_1.64.0-1 libnghttp3-9_1.4.0-1+b1 libngtcp2-16_1.6.0-1 libngtcp2-crypto-gnutls8_1.6.0-1 libnsl2_1.3.0-3+b3 libnumber-compare-perl_0.03-3 libp11-kit0_0.25.5-2+b1 libpackage-stash-perl_0.40-1 libpam-modules_1.5.3-7+b1 libpam-modules-bin_1.5.3-7+b1 libpam-runtime_1.5.3-7 libpam0g_1.5.3-7+b1 libparams-classify-perl_0.015-2+b4 libparams-util-perl_1.102-3+b1 libpath-tiny-perl_0.146-1 libpcre2-8-0_10.44-4 libperl5.40_5.40.0-7 libperlio-gzip-perl_0.20-1+b4 libperlio-utf8-strict-perl_0.010-1+b3 libpipeline1_1.5.8-1 libproc-processtable-perl_0.636-1+b3 libpsl5t64_0.21.2-1.1+b1 libpython3-stdlib_3.12.7-1 libpython3.12-minimal_3.12.7-3 libpython3.12-stdlib_3.12.7-3 libpython3.13-minimal_3.13.0-2 libpython3.13-stdlib_3.13.0-2 libreadline8t64_8.2-5 libregexp-wildcards-perl_1.05-3 librole-tiny-perl_2.002004-1 librtmp1_2.4+20151223.gitfa8646d.1-2+b5 libsasl2-2_2.1.28+dfsg1-8 libsasl2-modules-db_2.1.28+dfsg1-8 libseccomp2_2.5.5-1+b3 libselinux1_3.7-3+b1 libsemanage-common_3.7-2 libsemanage2_3.7-2+b1 libsepol2_3.7-1 libsereal-decoder-perl_5.004+ds-1+b3 libsereal-encoder-perl_5.004+ds-1+b3 libsframe1_2.43.1-5 libsmartcols1_2.40.2-11 libsodium23_1.0.18-1+b2 libsort-versions-perl_1.62-3 libsqlite3-0_3.46.1-1 libss2_1.47.1-1+b1 libssh2-1t64_1.11.1-1 libssl3t64_3.3.2-2 libstdc++-14-dev_14.2.0-8 libstdc++6_14.2.0-8 libstemmer0d_2.2.0-4+b2 libstrictures-perl_2.000006-1 libsub-exporter-perl_0.990-1 libsub-exporter-progressive-perl_0.001013-3 libsub-identify-perl_0.14-3+b3 libsub-install-perl_0.929-1 libsub-name-perl_0.27-1+b3 libsub-quote-perl_2.006008-1 libsyntax-keyword-try-perl_0.30-1+b1 libsystemd0_257~rc2-3 libtasn1-6_4.19.0-3+b3 libterm-readkey-perl_2.38-2+b4 libtext-glob-perl_0.11-3 libtext-levenshteinxs-perl_0.03-5+b4 libtext-markdown-discount-perl_0.16-1+b3 libtext-xslate-perl_3.5.9-2+b1 libtime-duration-perl_1.21-2 libtime-moment-perl_0.44-2+b4 libtimedate-perl_2.3300-2 libtinfo6_6.5-2+b1 libtirpc-common_1.3.4+ds-1.3 libtirpc3t64_1.3.4+ds-1.3+b1 libtool_2.4.7-8 libtry-tiny-perl_0.32-1 libtsan2_14.2.0-8 libubsan1_14.2.0-8 libuchardet0_0.0.8-1+b2 libudev1_257~rc2-3 libunicode-utf8-perl_0.62-2+b3 libunistring5_1.2-1+b1 liburi-perl_5.30-1 libuuid1_2.40.2-11 libvariable-magic-perl_0.64-1+b1 libwww-mechanize-perl_2.19-1 libwww-perl_6.77-1 libwww-robotrules-perl_6.02-1 libxml-libxml-perl_2.0207+dfsg+really+2.0134-5+b1 libxml-namespacesupport-perl_1.12-2 libxml-sax-base-perl_1.09-3 libxml-sax-perl_1.02+dfsg-3 libxml2_2.12.7+dfsg+really2.9.14-0.2+b1 libxmlb2_0.3.21-1 libxs-parse-keyword-perl_0.46-1+b1 libxxhash0_0.8.2-2+b2 libyaml-0-2_0.2.5-1+b2 libyaml-libyaml-perl_0.902.0+ds-2+b1 libzstd1_1.5.6+dfsg-1+b1 lintian_2.120.0 linux-libc-dev_6.11.7-1 localehelper_0.1.4-3.1 locales_2.40-3 login_1:4.16.0-2+really2.40.2-11 login.defs_1:4.16.0-5 logsave_1.47.1-1+b1 lzop_1.04-2+b1 m4_1.4.19-4 make_4.3-4.1+b1 man-db_2.13.0-1 mawk_1.3.4.20240905-1 media-types_10.1.0 mount_2.40.2-11 ncurses-base_6.5-2 ncurses-bin_6.5-2+b1 netbase_6.4 openssh-client_1:9.9p1-3 openssl_3.3.2-2 openssl-provider-legacy_3.3.2-2 passwd_1:4.16.0-5 patch_2.7.6-7+b1 patchutils_0.4.2-1+b1 perl_5.40.0-7 perl-base_5.40.0-7 perl-modules-5.40_5.40.0-7 perl-openssl-defaults_7+b2 plzip_1.11-2 po-debconf_1.0.21+nmu1 pybuild-plugin-pyproject_6.20241024 python-babel-localedata_2.16.0-1 python3_3.12.7-1 python3-alabaster_0.7.16-0.1 python3-all_3.12.7-1 python3-asn1crypto_1.5.1-3 python3-autocommand_2.2.2-3 python3-babel_2.16.0-1 python3-bcrypt_4.2.0-2 python3-build_1.2.2-1 python3-cached-property_1.5.2-1 python3-certifi_2024.8.30+dfsg-1 python3-cffi-backend_1.17.1-2+b1 python3-chardet_5.2.0+dfsg-1 python3-charset-normalizer_3.4.0-1+b1 python3-cryptography_43.0.0-1 python3-decorator_5.1.1-5 python3-defusedxml_0.7.1-2 python3-docutils_0.21.2+dfsg-2 python3-fido2_1.1.3-1 python3-gssapi_1.9.0-1+b1 python3-idna_3.8-2 python3-imagesize_1.4.1-1 python3-inflect_7.3.1-2 python3-iniconfig_1.1.1-2 python3-installer_0.7.0+dfsg1-3 python3-jaraco.context_6.0.0-1 python3-jaraco.functools_4.1.0-1 python3-jaraco.text_4.0.0-1 python3-jinja2_3.1.3-1 python3-libnacl_2.1.0-2 python3-markupsafe_2.1.5-1+b3 python3-minimal_3.12.7-1 python3-more-itertools_10.5.0-1 python3-openssl_24.2.1-1 python3-packaging_24.2-1 python3-pkcs11_0.7.0-1+b4 python3-pkg-resources_75.2.0-1 python3-pluggy_1.5.0-1 python3-pygments_2.18.0+dfsg-1 python3-pyproject-hooks_1.2.0-1 python3-pytest_8.3.3-1 python3-requests_2.32.3+dfsg-1 python3-roman_4.2-1 python3-setuptools_75.2.0-1 python3-snowballstemmer_2.2.0-4 python3-sphinx_7.4.7-4 python3-toml_0.10.2-1 python3-typeguard_4.4.1-1 python3-typing-extensions_4.12.2-2 python3-urllib3_2.0.7-2 python3-wheel_0.45.0-1 python3-zipp_3.21.0-1 python3.12_3.12.7-3 python3.12-minimal_3.12.7-3 python3.13_3.13.0-2 python3.13-minimal_3.13.0-2 readline-common_8.2-5 rpcsvc-proto_1.4.3-1+b1 sbuild-build-depends-main-dummy_0.invalid.0 sed_4.9-2+b1 sensible-utils_0.0.24 sgml-base_1.31 shared-mime-info_2.4-5+b1 sphinx-common_7.4.7-4 sphinx-rtd-theme-common_3.0.2+dfsg-1 sysvinit-utils_3.11-1 t1utils_1.41-4+b1 tar_1.35+dfsg-3+b1 tzdata_2024b-3 ucf_3.0043+nmu1 unzip_6.0-28+b1 util-linux_2.40.2-11 xml-core_0.19 xz-utils_5.6.3-1+b1 zlib1g_1:1.3.dfsg+really1.3.1-1+b1 +------------------------------------------------------------------------------+ | Build | +------------------------------------------------------------------------------+ Unpack source ------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: python-asyncssh Binary: python3-asyncssh, python-asyncssh-doc Architecture: all Version: 2.18.0-1 Maintainer: Debian Python Team Uploaders: Vincent Bernat Homepage: https://github.com/ronf/asyncssh Standards-Version: 4.5.1 Vcs-Browser: https://salsa.debian.org/python-team/packages/python-asyncssh Vcs-Git: https://salsa.debian.org/python-team/packages/python-asyncssh.git Testsuite: autopkgtest-pkg-python Build-Depends: debhelper-compat (= 12), dh-python, localehelper, openssh-client, openssl, openssl-provider-legacy | openssl (<< 3.3.1-5~), pybuild-plugin-pyproject, python3-all, python3-bcrypt (>= 3.1.3) , python3-cryptography (>= 39.0), python3-fido2 , python3-gssapi , python3-libnacl , python3-openssl , python3-pkcs11 , python3-pytest , python3-setuptools, python3-sphinx (>= 1.0.7+dfsg-1~), python3-typing-extensions Package-List: python-asyncssh-doc deb doc optional arch=all python3-asyncssh deb python optional arch=all Checksums-Sha1: 0ff1cad3b635876aac1c63a42850bdc45aed1553 520082 python-asyncssh_2.18.0.orig.tar.gz b0bf7e5adc390e8e06ecc5c9724e20a1c6e1b38d 8676 python-asyncssh_2.18.0-1.debian.tar.xz Checksums-Sha256: a6a71febb2c703612e9e511480b02feb28193fbeed59882ac61f013c89683811 520082 python-asyncssh_2.18.0.orig.tar.gz 08ea0fd45e0c027abeb58b5681e72041f181e2e5749c864a2e2234f316a82b32 8676 python-asyncssh_2.18.0-1.debian.tar.xz Files: 8f095f99461002ef7235c4c2e17418e5 520082 python-asyncssh_2.18.0.orig.tar.gz a9582f3cb12718604e61ff7cbd9484a0 8676 python-asyncssh_2.18.0-1.debian.tar.xz Dgit: bbdb28376732ff0d75d62c9f749edb60d69807d7 debian archive/debian/2.18.0-1 https://git.dgit.debian.org/python-asyncssh -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmcfg4MACgkQOTWH2X2G UAvxCRAAlQe6jrcteCvha3Z0QONneJAhVxf8+uOR46rPX9s7p98TlggNBCMJrypt TQ468peUlbUFUPRe+c0WgRAEQPr1WGkBOm6ZURKv/Ir1wYvvJhWb2hNlNYWKz91G rU4JSkC70pvMWRiaOr3566n5tyXCugjIUwOsAifYDkBAG3B7UnvMZjsux/Z/FuqA n19FQNBQnlEiKyUqkiUaLgI/2DmfiLGenA/GLK1ASR4thiG0W4h9xOJetcCCgLnf nvVv2XI0eZEc9K/v+fCkeL76bC/iiK6wH1RWWz3SetvC22j8WWyuGQph7RpxgeXP 4Lkn9c57D8Wy87YjEOD6GUBML6xJmTcHVIqKTEbcSezYq5HT2BVOwZ/iFHT8JWUK S5OicdNveaeyYEu0xJrXtTHLSR1ge49R4tgDUq6gniaLGBSo+0jDrNUiRoSHXy+W 277MiID1+fLUIL5i8LDX3PsG4oeNQdQQ7h+I0NcU5PRHHBu4+4tYrqJFgI93hw+6 iO5y2QMMtXX1WkbdJB80Xskma3q8EaEZKGUHcQFdpshRlxr2/gPVKAPaar+P0GzM VObj43JgOLlxO/mjWLyHAp9BFhITdUqoS+4mlX5N0kt9IeDqBVvp10WFlQvAJi4V 1Rzlwp8qh7WItDegM+sg38ofd1KnhUnud0AXojAlA/B1JbeX9V8= =F2JD -----END PGP SIGNATURE----- gpgv: Signature made Mon Oct 28 12:28:51 2024 UTC gpgv: using RSA key AC0A4FF12611B6FCCF01C111393587D97D86500B gpgv: Can't check signature: No public key dpkg-source: warning: cannot verify inline signature for ./python-asyncssh_2.18.0-1.dsc: no acceptable signature found dpkg-source: info: extracting python-asyncssh in /<> dpkg-source: info: unpacking python-asyncssh_2.18.0.orig.tar.gz dpkg-source: info: unpacking python-asyncssh_2.18.0-1.debian.tar.xz dpkg-source: info: using patch list from debian/patches/series dpkg-source: info: applying skip-tests-requiring-network-access.patch Check disk space ---------------- Sufficient free space for build User Environment ---------------- APT_CONFIG=/var/lib/sbuild/apt.conf HOME=/sbuild-nonexistent LANG=en_US.UTF-8 LC_ALL=C.UTF-8 LOGNAME=debusine-worker PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games SHELL=/bin/sh USER=debusine-worker dpkg-buildpackage ----------------- Command: dpkg-buildpackage -us -uc -b -rfakeroot dpkg-buildpackage: info: source package python-asyncssh dpkg-buildpackage: info: source version 2.18.0-1 dpkg-buildpackage: info: source distribution unstable dpkg-buildpackage: info: source changed by Colin Watson dpkg-source --before-build . dpkg-buildpackage: info: host architecture arm64 debian/rules clean dh clean --with python3,sphinxdoc --buildsystem pybuild dh_auto_clean -O--buildsystem=pybuild dh_autoreconf_clean -O--buildsystem=pybuild dh_clean -O--buildsystem=pybuild debian/rules binary dh binary --with python3,sphinxdoc --buildsystem pybuild dh_update_autotools_config -O--buildsystem=pybuild dh_autoreconf -O--buildsystem=pybuild dh_auto_configure -O--buildsystem=pybuild dh_auto_build -O--buildsystem=pybuild I: pybuild plugin_pyproject:129: Building wheel for python3.13 with "build" module I: pybuild base:311: python3.13 -m build --skip-dependency-check --no-isolation --wheel --outdir /<>/.pybuild/cpython3_3.13_asyncssh * Building wheel... /usr/lib/python3/dist-packages/setuptools/_distutils/dist.py:261: UserWarning: Unknown distribution option: 'test_suite' warnings.warn(msg) running bdist_wheel running build running build_py creating build/lib/asyncssh copying asyncssh/forward.py -> build/lib/asyncssh copying asyncssh/sftp.py -> build/lib/asyncssh copying asyncssh/pattern.py -> build/lib/asyncssh copying asyncssh/listener.py -> build/lib/asyncssh copying asyncssh/sk.py -> build/lib/asyncssh copying asyncssh/asn1.py -> build/lib/asyncssh copying asyncssh/constants.py -> build/lib/asyncssh copying asyncssh/config.py -> build/lib/asyncssh copying asyncssh/public_key.py -> build/lib/asyncssh copying asyncssh/client.py -> build/lib/asyncssh copying asyncssh/pkcs11.py -> build/lib/asyncssh copying asyncssh/gss_win32.py -> build/lib/asyncssh copying asyncssh/saslprep.py -> build/lib/asyncssh copying asyncssh/known_hosts.py -> build/lib/asyncssh copying asyncssh/x11.py -> build/lib/asyncssh copying asyncssh/eddsa.py -> build/lib/asyncssh copying asyncssh/kex.py -> build/lib/asyncssh copying asyncssh/compression.py -> build/lib/asyncssh copying asyncssh/editor.py -> build/lib/asyncssh copying asyncssh/server.py -> build/lib/asyncssh copying asyncssh/dsa.py -> build/lib/asyncssh copying asyncssh/channel.py -> build/lib/asyncssh copying asyncssh/gss.py -> build/lib/asyncssh copying asyncssh/gss_unix.py -> build/lib/asyncssh copying asyncssh/agent.py -> build/lib/asyncssh copying asyncssh/logging.py -> build/lib/asyncssh copying asyncssh/agent_unix.py -> build/lib/asyncssh copying asyncssh/version.py -> build/lib/asyncssh copying asyncssh/auth.py -> build/lib/asyncssh copying asyncssh/socks.py -> build/lib/asyncssh copying asyncssh/session.py -> build/lib/asyncssh copying asyncssh/packet.py -> build/lib/asyncssh copying asyncssh/__init__.py -> build/lib/asyncssh copying asyncssh/sk_eddsa.py -> build/lib/asyncssh copying asyncssh/rsa.py -> build/lib/asyncssh copying asyncssh/scp.py -> build/lib/asyncssh copying asyncssh/misc.py -> build/lib/asyncssh copying asyncssh/keysign.py -> build/lib/asyncssh copying asyncssh/kex_rsa.py -> build/lib/asyncssh copying asyncssh/auth_keys.py -> build/lib/asyncssh copying asyncssh/connection.py -> build/lib/asyncssh copying asyncssh/process.py -> build/lib/asyncssh copying asyncssh/tuntap.py -> build/lib/asyncssh copying asyncssh/agent_win32.py -> build/lib/asyncssh copying asyncssh/subprocess.py -> build/lib/asyncssh copying asyncssh/mac.py -> build/lib/asyncssh copying asyncssh/pbe.py -> build/lib/asyncssh copying asyncssh/ecdsa.py -> build/lib/asyncssh copying asyncssh/sk_ecdsa.py -> build/lib/asyncssh copying asyncssh/encryption.py -> build/lib/asyncssh copying asyncssh/stream.py -> build/lib/asyncssh copying asyncssh/kex_dh.py -> build/lib/asyncssh creating build/lib/asyncssh/crypto copying asyncssh/crypto/cipher.py -> build/lib/asyncssh/crypto copying asyncssh/crypto/kdf.py -> build/lib/asyncssh/crypto copying asyncssh/crypto/ed.py -> build/lib/asyncssh/crypto copying asyncssh/crypto/umac.py -> build/lib/asyncssh/crypto copying asyncssh/crypto/dh.py -> build/lib/asyncssh/crypto copying asyncssh/crypto/dsa.py -> build/lib/asyncssh/crypto copying asyncssh/crypto/__init__.py -> build/lib/asyncssh/crypto copying asyncssh/crypto/rsa.py -> build/lib/asyncssh/crypto copying asyncssh/crypto/misc.py -> build/lib/asyncssh/crypto copying asyncssh/crypto/chacha.py -> build/lib/asyncssh/crypto copying asyncssh/crypto/ec_params.py -> build/lib/asyncssh/crypto copying asyncssh/crypto/x509.py -> build/lib/asyncssh/crypto copying asyncssh/crypto/ec.py -> build/lib/asyncssh/crypto copying asyncssh/crypto/pq.py -> build/lib/asyncssh/crypto copying asyncssh/py.typed -> build/lib/asyncssh installing to build/bdist.linux-aarch64/wheel running install running install_lib creating build/bdist.linux-aarch64/wheel creating build/bdist.linux-aarch64/wheel/asyncssh copying build/lib/asyncssh/forward.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/sftp.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/pattern.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/listener.py -> build/bdist.linux-aarch64/wheel/./asyncssh creating build/bdist.linux-aarch64/wheel/asyncssh/crypto copying build/lib/asyncssh/crypto/cipher.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/kdf.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/ed.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/umac.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/dh.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/dsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/__init__.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/rsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/misc.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/chacha.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/ec_params.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/x509.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/ec.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/pq.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/sk.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/asn1.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/constants.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/config.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/public_key.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/client.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/pkcs11.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/gss_win32.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/saslprep.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/py.typed -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/known_hosts.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/x11.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/eddsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/kex.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/compression.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/editor.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/server.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/dsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/channel.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/gss.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/gss_unix.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/agent.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/logging.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/agent_unix.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/version.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/auth.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/socks.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/session.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/packet.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/__init__.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/sk_eddsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/rsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/scp.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/misc.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/keysign.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/kex_rsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/auth_keys.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/connection.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/process.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/tuntap.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/agent_win32.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/subprocess.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/mac.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/pbe.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/ecdsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/sk_ecdsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/encryption.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/stream.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/kex_dh.py -> build/bdist.linux-aarch64/wheel/./asyncssh running install_egg_info running egg_info creating asyncssh.egg-info writing asyncssh.egg-info/PKG-INFO writing dependency_links to asyncssh.egg-info/dependency_links.txt writing requirements to asyncssh.egg-info/requires.txt writing top-level names to asyncssh.egg-info/top_level.txt writing manifest file 'asyncssh.egg-info/SOURCES.txt' reading manifest file 'asyncssh.egg-info/SOURCES.txt' reading manifest template 'MANIFEST.in' adding license file 'LICENSE' writing manifest file 'asyncssh.egg-info/SOURCES.txt' Copying asyncssh.egg-info to build/bdist.linux-aarch64/wheel/./asyncssh-2.18.0.egg-info running install_scripts creating build/bdist.linux-aarch64/wheel/asyncssh-2.18.0.dist-info/WHEEL creating '/<>/.pybuild/cpython3_3.13_asyncssh/.tmp-v7chopm8/asyncssh-2.18.0-py3-none-any.whl' and adding 'build/bdist.linux-aarch64/wheel' to it adding 'asyncssh/__init__.py' adding 'asyncssh/agent.py' adding 'asyncssh/agent_unix.py' adding 'asyncssh/agent_win32.py' adding 'asyncssh/asn1.py' adding 'asyncssh/auth.py' adding 'asyncssh/auth_keys.py' adding 'asyncssh/channel.py' adding 'asyncssh/client.py' adding 'asyncssh/compression.py' adding 'asyncssh/config.py' adding 'asyncssh/connection.py' adding 'asyncssh/constants.py' adding 'asyncssh/dsa.py' adding 'asyncssh/ecdsa.py' adding 'asyncssh/eddsa.py' adding 'asyncssh/editor.py' adding 'asyncssh/encryption.py' adding 'asyncssh/forward.py' adding 'asyncssh/gss.py' adding 'asyncssh/gss_unix.py' adding 'asyncssh/gss_win32.py' adding 'asyncssh/kex.py' adding 'asyncssh/kex_dh.py' adding 'asyncssh/kex_rsa.py' adding 'asyncssh/keysign.py' adding 'asyncssh/known_hosts.py' adding 'asyncssh/listener.py' adding 'asyncssh/logging.py' adding 'asyncssh/mac.py' adding 'asyncssh/misc.py' adding 'asyncssh/packet.py' adding 'asyncssh/pattern.py' adding 'asyncssh/pbe.py' adding 'asyncssh/pkcs11.py' adding 'asyncssh/process.py' adding 'asyncssh/public_key.py' adding 'asyncssh/py.typed' adding 'asyncssh/rsa.py' adding 'asyncssh/saslprep.py' adding 'asyncssh/scp.py' adding 'asyncssh/server.py' adding 'asyncssh/session.py' adding 'asyncssh/sftp.py' adding 'asyncssh/sk.py' adding 'asyncssh/sk_ecdsa.py' adding 'asyncssh/sk_eddsa.py' adding 'asyncssh/socks.py' adding 'asyncssh/stream.py' adding 'asyncssh/subprocess.py' adding 'asyncssh/tuntap.py' adding 'asyncssh/version.py' adding 'asyncssh/x11.py' adding 'asyncssh/crypto/__init__.py' adding 'asyncssh/crypto/chacha.py' adding 'asyncssh/crypto/cipher.py' adding 'asyncssh/crypto/dh.py' adding 'asyncssh/crypto/dsa.py' adding 'asyncssh/crypto/ec.py' adding 'asyncssh/crypto/ec_params.py' adding 'asyncssh/crypto/ed.py' adding 'asyncssh/crypto/kdf.py' adding 'asyncssh/crypto/misc.py' adding 'asyncssh/crypto/pq.py' adding 'asyncssh/crypto/rsa.py' adding 'asyncssh/crypto/umac.py' adding 'asyncssh/crypto/x509.py' adding 'asyncssh-2.18.0.dist-info/LICENSE' adding 'asyncssh-2.18.0.dist-info/METADATA' adding 'asyncssh-2.18.0.dist-info/WHEEL' adding 'asyncssh-2.18.0.dist-info/top_level.txt' adding 'asyncssh-2.18.0.dist-info/RECORD' removing build/bdist.linux-aarch64/wheel Successfully built asyncssh-2.18.0-py3-none-any.whl I: pybuild plugin_pyproject:144: Unpacking wheel built for python3.13 with "installer" module I: pybuild plugin_pyproject:129: Building wheel for python3.12 with "build" module I: pybuild base:311: python3.12 -m build --skip-dependency-check --no-isolation --wheel --outdir /<>/.pybuild/cpython3_3.12_asyncssh * Building wheel... /usr/lib/python3/dist-packages/setuptools/_distutils/dist.py:261: UserWarning: Unknown distribution option: 'test_suite' warnings.warn(msg) running bdist_wheel running build running build_py installing to build/bdist.linux-aarch64/wheel running install running install_lib creating build/bdist.linux-aarch64/wheel creating build/bdist.linux-aarch64/wheel/asyncssh copying build/lib/asyncssh/forward.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/sftp.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/pattern.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/listener.py -> build/bdist.linux-aarch64/wheel/./asyncssh creating build/bdist.linux-aarch64/wheel/asyncssh/crypto copying build/lib/asyncssh/crypto/cipher.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/kdf.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/ed.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/umac.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/dh.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/dsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/__init__.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/rsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/misc.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/chacha.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/ec_params.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/x509.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/ec.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/crypto/pq.py -> build/bdist.linux-aarch64/wheel/./asyncssh/crypto copying build/lib/asyncssh/sk.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/asn1.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/constants.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/config.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/public_key.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/client.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/pkcs11.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/gss_win32.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/saslprep.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/py.typed -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/known_hosts.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/x11.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/eddsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/kex.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/compression.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/editor.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/server.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/dsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/channel.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/gss.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/gss_unix.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/agent.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/logging.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/agent_unix.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/version.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/auth.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/socks.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/session.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/packet.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/__init__.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/sk_eddsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/rsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/scp.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/misc.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/keysign.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/kex_rsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/auth_keys.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/connection.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/process.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/tuntap.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/agent_win32.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/subprocess.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/mac.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/pbe.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/ecdsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/sk_ecdsa.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/encryption.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/stream.py -> build/bdist.linux-aarch64/wheel/./asyncssh copying build/lib/asyncssh/kex_dh.py -> build/bdist.linux-aarch64/wheel/./asyncssh running install_egg_info running egg_info writing asyncssh.egg-info/PKG-INFO writing dependency_links to asyncssh.egg-info/dependency_links.txt writing requirements to asyncssh.egg-info/requires.txt writing top-level names to asyncssh.egg-info/top_level.txt reading manifest file 'asyncssh.egg-info/SOURCES.txt' reading manifest template 'MANIFEST.in' adding license file 'LICENSE' writing manifest file 'asyncssh.egg-info/SOURCES.txt' Copying asyncssh.egg-info to build/bdist.linux-aarch64/wheel/./asyncssh-2.18.0.egg-info running install_scripts creating build/bdist.linux-aarch64/wheel/asyncssh-2.18.0.dist-info/WHEEL creating '/<>/.pybuild/cpython3_3.12_asyncssh/.tmp-wdvmjk19/asyncssh-2.18.0-py3-none-any.whl' and adding 'build/bdist.linux-aarch64/wheel' to it adding 'asyncssh/__init__.py' adding 'asyncssh/agent.py' adding 'asyncssh/agent_unix.py' adding 'asyncssh/agent_win32.py' adding 'asyncssh/asn1.py' adding 'asyncssh/auth.py' adding 'asyncssh/auth_keys.py' adding 'asyncssh/channel.py' adding 'asyncssh/client.py' adding 'asyncssh/compression.py' adding 'asyncssh/config.py' adding 'asyncssh/connection.py' adding 'asyncssh/constants.py' adding 'asyncssh/dsa.py' adding 'asyncssh/ecdsa.py' adding 'asyncssh/eddsa.py' adding 'asyncssh/editor.py' adding 'asyncssh/encryption.py' adding 'asyncssh/forward.py' adding 'asyncssh/gss.py' adding 'asyncssh/gss_unix.py' adding 'asyncssh/gss_win32.py' adding 'asyncssh/kex.py' adding 'asyncssh/kex_dh.py' adding 'asyncssh/kex_rsa.py' adding 'asyncssh/keysign.py' adding 'asyncssh/known_hosts.py' adding 'asyncssh/listener.py' adding 'asyncssh/logging.py' adding 'asyncssh/mac.py' adding 'asyncssh/misc.py' adding 'asyncssh/packet.py' adding 'asyncssh/pattern.py' adding 'asyncssh/pbe.py' adding 'asyncssh/pkcs11.py' adding 'asyncssh/process.py' adding 'asyncssh/public_key.py' adding 'asyncssh/py.typed' adding 'asyncssh/rsa.py' adding 'asyncssh/saslprep.py' adding 'asyncssh/scp.py' adding 'asyncssh/server.py' adding 'asyncssh/session.py' adding 'asyncssh/sftp.py' adding 'asyncssh/sk.py' adding 'asyncssh/sk_ecdsa.py' adding 'asyncssh/sk_eddsa.py' adding 'asyncssh/socks.py' adding 'asyncssh/stream.py' adding 'asyncssh/subprocess.py' adding 'asyncssh/tuntap.py' adding 'asyncssh/version.py' adding 'asyncssh/x11.py' adding 'asyncssh/crypto/__init__.py' adding 'asyncssh/crypto/chacha.py' adding 'asyncssh/crypto/cipher.py' adding 'asyncssh/crypto/dh.py' adding 'asyncssh/crypto/dsa.py' adding 'asyncssh/crypto/ec.py' adding 'asyncssh/crypto/ec_params.py' adding 'asyncssh/crypto/ed.py' adding 'asyncssh/crypto/kdf.py' adding 'asyncssh/crypto/misc.py' adding 'asyncssh/crypto/pq.py' adding 'asyncssh/crypto/rsa.py' adding 'asyncssh/crypto/umac.py' adding 'asyncssh/crypto/x509.py' adding 'asyncssh-2.18.0.dist-info/LICENSE' adding 'asyncssh-2.18.0.dist-info/METADATA' adding 'asyncssh-2.18.0.dist-info/WHEEL' adding 'asyncssh-2.18.0.dist-info/top_level.txt' adding 'asyncssh-2.18.0.dist-info/RECORD' removing build/bdist.linux-aarch64/wheel Successfully built asyncssh-2.18.0-py3-none-any.whl I: pybuild plugin_pyproject:144: Unpacking wheel built for python3.12 with "installer" module debian/rules override_dh_auto_test make[1]: Entering directory '/<>' env RES_OPTIONS=attempts:0 localehelper LANG=en_US.UTF-8 \ dh_auto_test I: pybuild base:311: cd /<>/.pybuild/cpython3_3.13_asyncssh/build; python3.13 -m pytest tests ============================= test session starts ============================== platform linux -- Python 3.13.0, pytest-8.3.3, pluggy-1.5.0 rootdir: /<> configfile: tox.ini plugins: typeguard-4.4.1 collected 1624 items tests/test_agent.py ................... [ 1%] tests/test_asn1.py . [ 1%] tests/test_auth.py ........ [ 1%] tests/test_auth_keys.py ...s..... [ 2%] tests/test_channel.py EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 5%] EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 9%] tests/test_compression.py . [ 9%] tests/test_config.py ................................................... [ 12%] ......... [ 13%] tests/test_connection.py EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 16%] EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 20%] EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 24%] EEEEEEEEEEEEE [ 25%] tests/test_connection_auth.py EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 28%] EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 32%] EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 37%] EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 40%] tests/test_editor.py EEEEEEEEEEEEEEEEEEEE [ 41%] tests/test_encryption.py .. [ 41%] tests/test_forward.py EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 44%] EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 48%] EEEEEEEEEEEEEEEEEE [ 50%] tests/test_kex.py ..........s [ 50%] tests/test_known_hosts.py ................ [ 51%] tests/test_logging.py EEEEEEEEE [ 52%] tests/test_mac.py .. [ 52%] tests/test_packet.py .. [ 52%] tests/test_pkcs11.py EEEEEEEEEEEE [ 53%] tests/test_process.py EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 56%] EEEEEEEEEEEEEEEEsssssssEEEEEEEEEEEEE [ 58%] tests/test_public_key.py ................ [ 59%] tests/test_saslprep.py ....... [ 59%] tests/test_sftp.py EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 63%] EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 67%] EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 72%] EEEEEEEEEEEEE..EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 76%] EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 80%] EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 85%] EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 89%] EEEEEEEEEEE [ 90%] tests/test_sk.py EEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 92%] tests/test_stream.py EEEEEEEEEEEEEEEEEEEEEEE [ 93%] tests/test_subprocess.py EEEEEEEEEEEE [ 94%] tests/test_tuntap.py EEEEEEEEEEEEEEEEEEEEEEEEEEE [ 96%] tests/test_x11.py EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE [ 98%] tests/test_x509.py ......................... [100%] ==================================== ERRORS ==================================== _____________ ERROR at setup of _TestChannel.test_agent_forwarding _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestChannel.test_agent_forwarding_failure _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestChannel.test_agent_forwarding_not_offered _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestChannel.test_agent_forwarding_rejected _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_agent_forwarding_sock ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestChannel.test_agent_forwarding_sock_failure _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestChannel.test_already_open _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestChannel.test_break ___________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestChannel.test_close_during_startup ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestChannel.test_close_while_read_paused __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_conn_close_during_open __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestChannel.test_conn_close_during_startup _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannel.test_data_after_close _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestChannel.test_data_after_eof ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannel.test_data_past_window _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestChannel.test_delayed_channel_request __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestChannel.test_double_close _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestChannel.test_double_eof ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestChannel.test_empty_data ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestChannel.test_empty_write ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestChannel.test_env ____________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestChannel.test_env_binary_key ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannel.test_env_binary_value _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannel.test_env_from_connect _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannel.test_env_invalid_str ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestChannel.test_env_list _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannel.test_env_list_binary ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestChannel.test_env_non_string_key ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestChannel.test_env_non_string_value ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestChannel.test_env_str __________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestChannel.test_env_str_cached ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestChannel.test_env_tuple _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestChannel.test_exec ___________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestChannel.test_exec_failure _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestChannel.test_exec_from_connect _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestChannel.test_exit_signal ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestChannel.test_exit_signal_after_close __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestChannel.test_exit_status ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestChannel.test_exit_status_after_close __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestChannel.test_ext_data_past_window ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestChannel.test_extended_data_after_eof __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestChannel.test_forced_exec ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestChannel.test_full_terminal_size_change _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestChannel.test_inbound_conn_close_while_read_paused ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestChannel.test_invalid_channel_request __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestChannel.test_invalid_channel_response _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannel.test_invalid_datatype _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestChannel.test_invalid_env ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannel.test_invalid_env_list _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestChannel.test_invalid_exec _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestChannel.test_invalid_exit_lang _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestChannel.test_invalid_exit_signal ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestChannel.test_invalid_open_confirmation _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestChannel.test_invalid_open_failure ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestChannel.test_invalid_signal ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestChannel.test_invalid_subsystem _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_invalid_tcpip_listener __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestChannel.test_invalid_term_type _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_invalid_terminal_modes __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_invalid_terminal_size ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_invalid_unix_listener ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_invalid_write_extended __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestChannel.test_keepalive _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestChannel.test_kill ___________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannel.test_late_auth_banner _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestChannel.test_mixed_env _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestChannel.test_numeric_signal ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestChannel.test_outbound_conn_close_while_read_paused ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannel.test_partial_unicode ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_partial_unicode_at_eof __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_pty_disallowed_by_cert __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestChannel.test_pty_disallowed_by_session _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_pty_without_term_type ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannel.test_rejected_session _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestChannel.test_rejected_tap_request ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_rejected_tcpip_direct ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestChannel.test_rejected_tun_request ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestChannel.test_rejected_unix_direct ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestChannel.test_request_after_close ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestChannel.test_request_pty ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestChannel.test_send_env _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannel.test_send_env_binary ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_send_env_from_connect ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestChannel.test_shell ___________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestChannel.test_shell_failure _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestChannel.test_shell_internal_error ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestChannel.test_shell_large_block _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestChannel.test_signal __________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestChannel.test_subsystem _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestChannel.test_subsystem_failure _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_term_modes_incomplete ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_term_modes_missing_end __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestChannel.test_terminal_full_size ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestChannel.test_terminal_size_change ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestChannel.test_terminate _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestChannel.test_unexpected_userauth_request ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestChannel.test_unicode_error _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestChannel.test_unknown_action ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestChannel.test_unknown_channel_request __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestChannel.test_unknown_exit_signal ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestChannel.test_unknown_signal ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_unknown_tcpip_listener __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestChannel.test_unknown_unix_listener ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestChannel.test_unneeded_resume_reading __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestChannel.test_window_adjust_after_eof __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestChannel.test_write_buffer _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannel.test_xon_xoff_disable _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannel.test_xon_xoff_enable ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestChannelNoPTY.test_exec_no_pty _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestChannelNoPTY.test_exec_pty _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestChannelNoPTY.test_exec_pty_from_connect ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestChannelNoPTY.test_shell_no_pty _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestChannelNoPTY.test_shell_pty ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestChannelNoAgentForwarding.test_agent_forwarding_disallowed _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestConnectionDropbearClient.test_dropbear_client _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestConnectionDropbearServer.test_dropbear_server _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestConnection.test_banner_before_version _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestConnection.test_banner_line_too_long __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_changing_server_host_key ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestConnection.test_client_decompression_failure ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestConnection.test_client_keepalive ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_client_keepalive_failure ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnection.test_client_keepalive_string ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestConnection.test_client_set_invalid_keepalive_count_max _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestConnection.test_client_set_invalid_keepalive_interval _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestConnection.test_client_set_keepalive_count_max _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestConnection.test_client_set_keepalive_interval _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestConnection.test_compression_algs ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestConnection.test_connect ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestConnection.test_connect_encrypted_key _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_connect_failure ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestConnection.test_connect_failure_without_agent _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnection.test_connect_invalid_option_name ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestConnection.test_connect_invalid_options_type ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestConnection.test_connect_non_tcp_sock __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestConnection.test_connect_sock ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_connect_tcp_keepalive_off _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_connect_timeout_exceeded ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestConnection.test_connect_timeout_exceeded_string ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestConnection.test_connect_timeout_exceeded_tunnel ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestConnection.test_debug _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestConnection.test_disconnect _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_duplicate_encryption_algs _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestConnection.test_duplicate_type_server_host_keys ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestConnection.test_empty_encryption_algs _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_empty_kex_algs _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestConnection.test_empty_known_hosts ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_empty_mac_algs _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_encryption_algs ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnection.test_extra_userauth_request _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestConnection.test_gcm_verify_error ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestConnection.test_get_server_host_key __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestConnection.test_get_server_host_key_connect_failure __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_get_server_host_key_proxy _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestConnection.test_get_server_host_key_proxy_failure ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnection.test_get_server_host_key_tunnel _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestConnection.test_import_known_hosts ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_internal_error _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestConnection.test_invalid_channel_open __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestConnection.test_invalid_channel_open_confirmation_number _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestConnection.test_invalid_channel_open_failure_language _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestConnection.test_invalid_channel_open_failure_number __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestConnection.test_invalid_channel_open_failure_reason __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_invalid_client_keepalive ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestConnection.test_invalid_client_keepalive_count_max ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_invalid_cmp_alg ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnection.test_invalid_connect_timeout ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnection.test_invalid_data_channel_number ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestConnection.test_invalid_debug _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestConnection.test_invalid_disconnect ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnection.test_invalid_encryption_alg _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnection.test_invalid_global_request _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_invalid_kex_alg ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnection.test_invalid_kex_alg_config _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestConnection.test_invalid_kex_alg_str __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_invalid_mac_alg ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_invalid_newkeys ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestConnection.test_invalid_rekey_bytes __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestConnection.test_invalid_rekey_seconds _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnection.test_invalid_server_host_key ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_invalid_userauth_service ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestConnection.test_invalid_username ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnection.test_kex_after_kex_complete _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestConnection.test_kex_algs ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_kex_in_progress ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestConnection.test_known_hosts_bytes ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_known_hosts_ca _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_known_hosts_keylist_file ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_known_hosts_multiple_keys _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestConnection.test_known_hosts_none ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnection.test_known_hosts_none_in_config _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestConnection.test_known_hosts_none_without_x509 _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnection.test_known_hosts_not_present ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_known_hosts_not_readable ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestConnection.test_known_hosts_sshkeys __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestConnection.test_late_userauth_request _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnection.test_leading_encryption_alg _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestConnection.test_mac_algs ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestConnection.test_mac_verify_error ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestConnection.test_message_before_kexinit_strict_kex ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestConnection.test_message_during_kex_strict_kex _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnection.test_missing_data_channel_number ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_no_compression _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestConnection.test_no_local_username ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_no_matching_host_key_algs _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestConnection.test_no_matching_kex_algs __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestConnection.test_no_server_host_keys __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestConnection.test_packet_decode_error __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestConnection.test_read_known_hosts ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_read_known_hosts_filelist _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestConnection.test_rekey_bytes ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestConnection.test_rekey_bytes_string ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestConnection.test_rekey_seconds _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestConnection.test_rekey_seconds_string __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestConnection.test_rekey_time_disabled __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnection.test_removing_encryption_alg ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_reserved_server_host_keys _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnection.test_revoked_known_hosts_ca _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnection.test_revoked_known_hosts_key ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestConnection.test_run_client _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_server_ext_info ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestConnection.test_service_accept_before_kex_complete ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnection.test_service_accept_from_client _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestConnection.test_service_request_before_kex_complete __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnection.test_service_request_from_server ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestConnection.test_split_version _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestConnection.test_too_many_banner_lines _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnection.test_trailing_encryption_alg ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnection.test_unexpected_global_response _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestConnection.test_unexpected_service_name_in_accept ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestConnection.test_unexpected_service_name_in_request ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnection.test_unexpected_userauth_banner _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnection.test_unexpected_userauth_failure ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnection.test_unexpected_userauth_success ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestConnection.test_unknown_channel_type __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestConnection.test_unknown_ext_info ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestConnection.test_unknown_message_during_kex_strict_kex _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_unknown_packet _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestConnection.test_unknown_version ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestConnection.test_unsupported_kex_alg __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnection.test_untrusted_host_ca_callback _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnection.test_untrusted_host_key_callback ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_untrusted_known_hosts_ca ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestConnection.test_userauth_after_auth_complete ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestConnection.test_userauth_before_kex_complete ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestConnection.test_username_too_long ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnection.test_validate_host_ca_callback _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestConnection.test_version_1_99 ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestConnection.test_version_line_too_long _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestConnection.test_version_without_cr ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestConnectionNoStrictKex.test_message_before_kexinit ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestConnectionNoStrictKex.test_message_during_kex _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestConnectionNoStrictKex.test_sequence_wrap_during_kex __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnectionNoStrictKex.test_skip_ext_info ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestConnectionHostKeysHandler.test_host_key_added _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestConnectionHostKeysHandler.test_host_key_bad_signature _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestConnectionHostKeysHandler.test_host_key_handler_disabled _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestConnectionHostKeysHandler.test_host_key_prove_failed __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestConnectionHostKeysHandler.test_host_key_removed ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestConnectionHostKeysHandler.test_host_key_revoked ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestConnectionHostKeysHandler.test_no_trusted_hosts ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestConnectionListenSock.test_connect ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestConnectionAsyncAcceptor.test_connect __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestConnectionServerCerts.test_connect ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestConnectionReverse.test_connect_reverse _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestConnectionReverse.test_connect_reverse_no_server_host_keys _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestConnectionReverse.test_connect_reverse_options _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestConnectionReverse.test_connect_reverse_proxy ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnectionReverse.test_connect_reverse_sock ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestConnectionReverse.test_run_server ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestConnectionReverseAsyncAcceptor.test_connect_reverse_async_acceptor _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestConnectionReverseFailed.test_connect_failed ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestConnectionKeepalive.test_server_keepalive _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestConnectionKeepalive.test_server_keepalive_failure ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestConnectionAbort.test_abort _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestDuringAuth.test_close_during_auth ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestDuringAuth.test_request_during_auth __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestServerX509Self.test_connect_x509_disabled _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestServerX509Self.test_connect_x509_revoked_self _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestServerX509Self.test_connect_x509_revoked_subject ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestServerX509Self.test_connect_x509_self _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestServerX509Self.test_connect_x509_trusted_subject ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestServerX509Self.test_connect_x509_untrusted_self ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestServerX509Self.test_connect_x509_untrusted_subject ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestServerX509Self.test_trusted_x509_certs_not_readable __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestServerX509Chain.test_connect_x509_chain ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestServerX509Chain.test_connect_x509_chain_cert_path ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestServerX509Chain.test_connect_x509_openssh_known_hosts_revoked _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestServerX509Chain.test_connect_x509_openssh_known_hosts_trusted _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestServerX509Chain.test_connect_x509_openssh_x509_trusted _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestServerX509Chain.test_connect_x509_revoked_intermediate _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestServerX509Chain.test_connect_x509_untrusted_root ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestServerX509Chain.test_connect_x509_untrusted_root_cert_path _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestServerX509Chain.test_invalid_x509_path _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestServerNoHostKey.test_dh_with_no_host_key ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestServerNoHostKey.test_gss_with_no_host_key _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestServerWithoutCert.test_default_server_host_keys ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestServerWithoutCert.test_known_hosts_none_with_key ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestServerWithoutCert.test_untrusted_known_hosts_key ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestServerWithoutCert.test_validate_host_key_callback ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestServerWithoutCert.test_validate_host_key_callback_with_algs _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestHostKeyAlias.test_host_cert_match ___________ cls = @classmethod async def asyncSetUpClass(cls): """Set up keys, custom host cert, and suitable known_hosts""" > await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_connection.py:2436: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestHostKeyAlias.test_host_cert_match_config ________ cls = @classmethod async def asyncSetUpClass(cls): """Set up keys, custom host cert, and suitable known_hosts""" > await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_connection.py:2436: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestHostKeyAlias.test_host_key_match ____________ cls = @classmethod async def asyncSetUpClass(cls): """Set up keys, custom host cert, and suitable known_hosts""" > await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_connection.py:2436: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestHostKeyAlias.test_host_key_match_config ________ cls = @classmethod async def asyncSetUpClass(cls): """Set up keys, custom host cert, and suitable known_hosts""" > await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_connection.py:2436: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestHostKeyAlias.test_host_key_mismatch __________ cls = @classmethod async def asyncSetUpClass(cls): """Set up keys, custom host cert, and suitable known_hosts""" > await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_connection.py:2436: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestHostKeyAlias.test_host_key_unknown ___________ cls = @classmethod async def asyncSetUpClass(cls): """Set up keys, custom host cert, and suitable known_hosts""" > await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_connection.py:2436: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestServerInternalError.test_server_internal_error _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestInvalidAuthBanner.test_invalid_auth_banner _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestExpiredServerHostCertificate.test_expired_server_host_cert _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestExpiredServerHostCertificate.test_known_hosts_none_with_expired_cert _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestCustomClientVersion.test_custom_client_version _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestCustomClientVersion.test_custom_client_version_bytes __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestCustomClientVersion.test_long_client_version ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestCustomClientVersion.test_nonprintable_client_version __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestCustomServerVersion.test_custom_server_version _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestCustomServerVersion.test_long_server_version ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestCustomServerVersion.test_nonprintable_server_version __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestReverseDNS.test_reverse_dns ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestListenerContextManager.test_ssh_listen_context_manager _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestNullAuth.test_disabled_auth ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestNullAuth.test_disabled_trivial_auth __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestNullAuth.test_get_server_auth_methods _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestGSSAuth.test_disabled_trivial_gss_kex_auth _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestGSSAuth.test_disabled_trivial_gss_mic_auth _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestGSSAuth.test_get_server_auth_methods __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestGSSAuth.test_gss_auth_disabled _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestGSSAuth.test_gss_auth_unavailable ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestGSSAuth.test_gss_client_error _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestGSSAuth.test_gss_delegate _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestGSSAuth.test_gss_kex_auth _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestGSSAuth.test_gss_kex_disabled _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestGSSAuth.test_gss_mic_auth _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestGSSAuth.test_gss_mic_auth_sign_error __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestGSSAuth.test_gss_mic_auth_store ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestGSSAuth.test_gss_mic_auth_verify_error _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestGSSServerAuthDisabled.test_gss_auth_unavailable ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestGSSServerAuthDisabled.test_gss_kex_unavailable _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestGSSServerError.test_gss_server_error __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestGSSFQDN.test_gss_fqdn_lookup ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestHostBasedAuth.test_client_host_auth __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestHostBasedAuth.test_client_host_auth_disabled ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestHostBasedAuth.test_client_host_key_bytes ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestHostBasedAuth.test_client_host_key_keypairs ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestHostBasedAuth.test_client_host_key_sshkey _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestHostBasedAuth.test_client_host_signature_algs _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestHostBasedAuth.test_client_host_trailing_dot ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAuth.test_disabled_trivial_client_host_auth __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestHostBasedAuth.test_expired_cert ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestHostBasedAuth.test_get_server_auth_methods _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAuth.test_get_server_auth_methods_no_sockname _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestHostBasedAuth.test_invalid_client_host_signature ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestHostBasedAuth.test_invalid_client_username _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestHostBasedAuth.test_mismatched_client_host _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestHostBasedAuth.test_mismatched_client_username _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestHostBasedAuth.test_missing_cert ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestHostBasedAuth.test_no_server_signature_algs ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestHostBasedAuth.test_untrusted_ca ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestHostBasedAuth.test_untrusted_client_host_key ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestHostBasedAuthNoRDNS.test_client_host_auth_no_rdns ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestCallbackHostBasedAuth.test_untrusted_client_host_ca_callback _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestCallbackHostBasedAuth.test_untrusted_client_host_callback _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestCallbackHostBasedAuth.test_validate_client_host_ca_callback _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestCallbackHostBasedAuth.test_validate_client_host_callback _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestKeysignHostBasedAuth.test_explciit_keysign _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestKeysignHostBasedAuth.test_explicit_keysign_not_found __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestKeysignHostBasedAuth.test_invalid_keysign_response ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestKeysignHostBasedAuth.test_invalid_keysign_version ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestKeysignHostBasedAuth.test_keysign ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestKeysignHostBasedAuth.test_keysign_dir_not_present ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestKeysignHostBasedAuth.test_keysign_error ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestKeysignHostBasedAuth.test_keysign_explicit_host_keys __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestKeysignHostBasedAuth.test_keysign_not_found ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestHostBasedAsyncServerAuth.test_client_host_auth _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAsyncServerAuth.test_client_host_auth_disabled _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestHostBasedAsyncServerAuth.test_client_host_key_bytes __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAsyncServerAuth.test_client_host_key_keypairs _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAsyncServerAuth.test_client_host_key_sshkey __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAsyncServerAuth.test_client_host_signature_algs _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAsyncServerAuth.test_client_host_trailing_dot _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAsyncServerAuth.test_disabled_trivial_client_host_auth _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestHostBasedAsyncServerAuth.test_expired_cert _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAsyncServerAuth.test_get_server_auth_methods _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAsyncServerAuth.test_get_server_auth_methods_no_sockname _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAsyncServerAuth.test_invalid_client_host_signature _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAsyncServerAuth.test_invalid_client_username _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAsyncServerAuth.test_mismatched_client_host __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAsyncServerAuth.test_mismatched_client_username _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestHostBasedAsyncServerAuth.test_missing_cert _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAsyncServerAuth.test_no_server_signature_algs _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestHostBasedAsyncServerAuth.test_untrusted_ca _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestHostBasedAsyncServerAuth.test_untrusted_client_host_key _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestLimitedHostBasedSignatureAlgs.test_host_signature_alg_fallback _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestLimitedHostBasedSignatureAlgs.test_mismatched_host_signature_algs _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestPublicKeyAuth.test_agent_auth _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestPublicKeyAuth.test_agent_auth_failure _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestPublicKeyAuth.test_agent_auth_unset __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestPublicKeyAuth.test_agent_identities __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestPublicKeyAuth.test_agent_identities_config _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAuth.test_agent_identities_config_default_keys _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestPublicKeyAuth.test_agent_keypair_with_replaced_cert __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestPublicKeyAuth.test_agent_signature_algs ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestPublicKeyAuth.test_allowed_address ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestPublicKeyAuth.test_callback ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestPublicKeyAuth.test_callback_sshkeypair _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestPublicKeyAuth.test_callback_untrusted_client_key ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestPublicKeyAuth.test_client_certs ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestPublicKeyAuth.test_client_key_agent_keypairs ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestPublicKeyAuth.test_client_key_bytes __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestPublicKeyAuth.test_client_key_keypairs _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestPublicKeyAuth.test_client_key_sshkey __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestPublicKeyAuth.test_default_public_key_auth _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestPublicKeyAuth.test_disabled_trivial_public_key_auth __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestPublicKeyAuth.test_disallowed_address _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestPublicKeyAuth.test_encrypted_client_key ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestPublicKeyAuth.test_encrypted_client_key_awaitable ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAuth.test_encrypted_client_key_bad_passphrase _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestPublicKeyAuth.test_encrypted_client_key_callable ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAuth.test_encrypted_client_key_list_awaitable _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAuth.test_encrypted_client_key_list_callable _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAuth.test_encrypted_client_key_missing_passphrase _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestPublicKeyAuth.test_expired_cert ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestPublicKeyAuth.test_get_server_auth_methods _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestPublicKeyAuth.test_invalid_default_key _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestPublicKeyAuth.test_keypair_with_replaced_cert _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestPublicKeyAuth.test_mismatched_ca ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestPublicKeyAuth.test_missing_cert ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestPublicKeyAuth.test_no_server_signature_algs ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestPublicKeyAuth.test_public_key_auth ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestPublicKeyAuth.test_public_key_auth_disabled ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestPublicKeyAuth.test_public_key_auth_not_preferred ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestPublicKeyAuth.test_public_key_signature_algs ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestPublicKeyAuth.test_unknown_auth ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestPublicKeyAuth.test_untrusted_ca ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestPublicKeyAuth.test_untrusted_client_key ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_agent_auth ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_agent_auth_failure ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_agent_auth_unset _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_agent_identities _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_agent_identities_config _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_agent_identities_config_default_keys _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_agent_keypair_with_replaced_cert _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_agent_signature_algs ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_allowed_address _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_callback _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_callback_sshkeypair ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_callback_untrusted_client_key _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_client_certs _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_client_key_agent_keypairs _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_client_key_bytes _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_client_key_keypairs ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_client_key_sshkey ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_default_public_key_auth _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_disabled_trivial_public_key_auth _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_disallowed_address ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_encrypted_client_key ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_encrypted_client_key_awaitable _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_encrypted_client_key_bad_passphrase _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_encrypted_client_key_callable _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_encrypted_client_key_list_awaitable _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_encrypted_client_key_list_callable _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_encrypted_client_key_missing_passphrase _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_expired_cert _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_get_server_auth_methods _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_invalid_default_key ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_keypair_with_replaced_cert _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_mismatched_ca ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_missing_cert _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_no_server_signature_algs _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_public_key_auth _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_public_key_auth_disabled _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_public_key_auth_not_preferred _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_public_key_signature_algs _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_unknown_auth _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_untrusted_ca _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestPublicKeyAsyncServerAuth.test_untrusted_client_key ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestLimitedPublicKeySignatureAlgs.test_mismatched_client_signature_algs _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSetAuthorizedKeys.test_cert_principals _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSetAuthorizedKeys.test_set_authorized_keys _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPreloadedAuthorizedKeys.test_pre_loaded_authorized_keys _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPreloadedAuthorizedKeysFileList.test_pre_loaded_authorized_keys _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestX509Auth.test_agent_keypair_with_x509_cert _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestX509Auth.test_disabled_trivial_x509_auth ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestX509Auth.test_keypair_with_x509_cert __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestX509Auth.test_x509_chain ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestX509Auth.test_x509_incomplete_chain __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestX509Auth.test_x509_self ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestX509Auth.test_x509_untrusted_cert ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestX509AuthDisabled.test_failed_x509_auth _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestX509AuthDisabled.test_non_x509 _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestX509Subject.test_x509_subject _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestX509Untrusted.test_x509_untrusted ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestX509Disabled.test_x509_disabled ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestPasswordAuth.test_disabled_trivial_password_auth ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestPasswordAuth.test_disabled_trivial_password_change ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestPasswordAuth.test_get_server_auth_methods _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestPasswordAuth.test_password_auth ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestPasswordAuth.test_password_auth_async_callable _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestPasswordAuth.test_password_auth_awaitable _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestPasswordAuth.test_password_auth_callable ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestPasswordAuth.test_password_auth_callback ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestPasswordAuth.test_password_auth_callback_failure ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestPasswordAuth.test_password_auth_disabled ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestPasswordAuth.test_password_auth_failure ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestPasswordAuth.test_password_change ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestPasswordAuth.test_password_change_failure _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPasswordAsyncServerAuth.test_disabled_trivial_password_auth _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPasswordAsyncServerAuth.test_disabled_trivial_password_change _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPasswordAsyncServerAuth.test_get_server_auth_methods __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestPasswordAsyncServerAuth.test_password_auth _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPasswordAsyncServerAuth.test_password_auth_async_callable _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPasswordAsyncServerAuth.test_password_auth_awaitable __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestPasswordAsyncServerAuth.test_password_auth_callable __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestPasswordAsyncServerAuth.test_password_auth_callback __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPasswordAsyncServerAuth.test_password_auth_callback_failure _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestPasswordAsyncServerAuth.test_password_auth_disabled __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestPasswordAsyncServerAuth.test_password_auth_failure ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestPasswordAsyncServerAuth.test_password_change ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestPasswordAsyncServerAuth.test_password_change_failure __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestKbdintAuth.test_disabled_trivial_kbdint_auth ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestKbdintAuth.test_disabled_trivial_kbdint_no_prompts ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestKbdintAuth.test_get_server_auth_methods ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestKbdintAuth.test_kbdint_auth_callback __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestKbdintAuth.test_kbdint_auth_callback_failure ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestKbdintAuth.test_kbdint_auth_callback_multi _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestKbdintAuth.test_kbdint_auth_disabled __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestKbdintAuth.test_kbdint_auth_failure __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestKbdintAuth.test_kbdint_auth_multi_not_password _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestKbdintAuth.test_kbdint_auth_no_prompts _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestKbdintAuth.test_kbdint_auth_not_password ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestKbdintAuth.test_kbdint_auth_passcode __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestKbdintAuth.test_kbdint_auth_password __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestKbdintAsyncServerAuth.test_disabled_trivial_kbdint_auth _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestKbdintAsyncServerAuth.test_disabled_trivial_kbdint_no_prompts _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestKbdintAsyncServerAuth.test_get_server_auth_methods ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestKbdintAsyncServerAuth.test_kbdint_auth_callback ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestKbdintAsyncServerAuth.test_kbdint_auth_callback_failure _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestKbdintAsyncServerAuth.test_kbdint_auth_callback_multi _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestKbdintAsyncServerAuth.test_kbdint_auth_disabled ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestKbdintAsyncServerAuth.test_kbdint_auth_failure _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestKbdintAsyncServerAuth.test_kbdint_auth_multi_not_password _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestKbdintAsyncServerAuth.test_kbdint_auth_no_prompts ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestKbdintAsyncServerAuth.test_kbdint_auth_not_password __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestKbdintAsyncServerAuth.test_kbdint_auth_passcode ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestKbdintAsyncServerAuth.test_kbdint_auth_password ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestKbdintPasswordServerAuth.test_kbdint_password_auth ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestKbdintPasswordServerAuth.test_kbdint_password_auth_multiple_responses _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestKbdintPasswordServerAuth.test_kbdint_password_change __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestClientLoginTimeout.test_client_login_timeout_exceeded _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestClientLoginTimeout.test_client_login_timeout_exceeded_string _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestClientLoginTimeout.test_invalid_client_login_timeout __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestServerLoginTimeoutExceeded.test_server_login_timeout_exceeded _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestServerLoginTimeoutDisabled.test_server_login_timeout_disabled _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestEditor.test_change_width ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestEditor.test_change_width_non_wrap ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestEditor.test_editor ___________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestEditor.test_editor_clear_input _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestEditor.test_editor_echo_off ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestEditor.test_editor_echo_on _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestEditor.test_editor_line_mode_off ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestEditor.test_no_terminal ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestEditor.test_non_wrap __________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestEditor.test_unknown_signal _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestEditorDisabled.test_editor_disabled __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestEditorEncodingNone.test_change_width __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestEditorEncodingNone.test_editor_disabled_encoding_none _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestEditorUnlimitedLength.test_editor_unlimited_length ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestEditorANSI.test_editor_ansi ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestEditorOutputWrap.test_editor_output_wrap ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestEditorSoftEOF.test_editor_soft_eof ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestEditorRegisterKey.test_editor_register_key _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestEditorRegisterKey.test_editor_signal __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestEditorLineEcho.test_editor_line_echo __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestTCPForwarding.test_add_channel_after_close _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestTCPForwarding.test_async_runtime_error _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestTCPForwarding.test_cancel_forward_remote_port_invalid_unicode _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestTCPForwarding.test_connection _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestTCPForwarding.test_connection_failure _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestTCPForwarding.test_connection_invalid_unicode _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestTCPForwarding.test_connection_not_permitted ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestTCPForwarding.test_connection_not_permitted_open ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestTCPForwarding.test_connection_rejected _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestTCPForwarding.test_forward_bind_error_ipv4 _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestTCPForwarding.test_forward_bind_error_ipv6 _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestTCPForwarding.test_forward_connect_error ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestTCPForwarding.test_forward_immediate_eof ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestTCPForwarding.test_forward_local_path_to_port _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestTCPForwarding.test_forward_local_path_to_port_failure _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestTCPForwarding.test_forward_local_port _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestTCPForwarding.test_forward_local_port_accept_handler __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestTCPForwarding.test_forward_local_port_accept_handler_denial _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestTCPForwarding.test_forward_local_port_failure _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestTCPForwarding.test_forward_local_port_pause ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestTCPForwarding.test_forward_port_to_path_bind_error ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestTCPForwarding.test_forward_remote_port _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestTCPForwarding.test_forward_remote_port_failure _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestTCPForwarding.test_forward_remote_port_invalid_unicode _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestTCPForwarding.test_forward_remote_port_not_permitted __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestTCPForwarding.test_forward_remote_port_to_path _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestTCPForwarding.test_forward_remote_specific_port ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestTCPForwarding.test_listener_close_on_conn_close ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestTCPForwarding.test_multiple_global_requests ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestTCPForwarding.test_proxy_jump _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestTCPForwarding.test_proxy_jump_encrypted_key ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestTCPForwarding.test_proxy_jump_encrypted_key_missing_passphrase _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestTCPForwarding.test_proxy_jump_multiple _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestTCPForwarding.test_server _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestTCPForwarding.test_server_context_manager _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestTCPForwarding.test_server_failure ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestTCPForwarding.test_server_non_async __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestTCPForwarding.test_server_open _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestTCPForwarding.test_ssh_connect_reverse_tunnel _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestTCPForwarding.test_ssh_connect_tunnel _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestTCPForwarding.test_ssh_connect_tunnel_string ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestTCPForwarding.test_ssh_connect_tunnel_string_failed __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestTCPForwarding.test_ssh_create_tunnel __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestTCPForwarding.test_ssh_listen_reverse_tunnel ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestTCPForwarding.test_ssh_listen_tunnel __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestTCPForwarding.test_ssh_listen_tunnel_default_port ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestTCPForwarding.test_ssh_listen_tunnel_string ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestTCPForwarding.test_ssh_listen_tunnel_string_failed ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestTCPForwardingAcceptHandler.test_forward_remote_port_accept_handler _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestAsyncTCPForwarding.test_add_channel_after_close ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestAsyncTCPForwarding.test_async_runtime_error ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncTCPForwarding.test_cancel_forward_remote_port_invalid_unicode _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestAsyncTCPForwarding.test_connection ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestAsyncTCPForwarding.test_connection_failure _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestAsyncTCPForwarding.test_connection_invalid_unicode ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestAsyncTCPForwarding.test_connection_not_permitted ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncTCPForwarding.test_connection_not_permitted_open _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestAsyncTCPForwarding.test_connection_rejected ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestAsyncTCPForwarding.test_forward_bind_error_ipv4 ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestAsyncTCPForwarding.test_forward_bind_error_ipv6 ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestAsyncTCPForwarding.test_forward_connect_error _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestAsyncTCPForwarding.test_forward_immediate_eof _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestAsyncTCPForwarding.test_forward_local_path_to_port ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncTCPForwarding.test_forward_local_path_to_port_failure _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestAsyncTCPForwarding.test_forward_local_port _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncTCPForwarding.test_forward_local_port_accept_handler _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncTCPForwarding.test_forward_local_port_accept_handler_denial _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestAsyncTCPForwarding.test_forward_local_port_failure ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestAsyncTCPForwarding.test_forward_local_port_pause ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncTCPForwarding.test_forward_port_to_path_bind_error _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestAsyncTCPForwarding.test_forward_remote_port ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestAsyncTCPForwarding.test_forward_remote_port_failure __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncTCPForwarding.test_forward_remote_port_invalid_unicode _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncTCPForwarding.test_forward_remote_port_not_permitted _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestAsyncTCPForwarding.test_forward_remote_port_to_path __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncTCPForwarding.test_forward_remote_specific_port __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncTCPForwarding.test_listener_close_on_conn_close __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestAsyncTCPForwarding.test_multiple_global_requests ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestAsyncTCPForwarding.test_proxy_jump ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestAsyncTCPForwarding.test_proxy_jump_encrypted_key ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncTCPForwarding.test_proxy_jump_encrypted_key_missing_passphrase _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestAsyncTCPForwarding.test_proxy_jump_multiple ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestAsyncTCPForwarding.test_server _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestAsyncTCPForwarding.test_server_context_manager _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestAsyncTCPForwarding.test_server_failure _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestAsyncTCPForwarding.test_server_non_async ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestAsyncTCPForwarding.test_server_open __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestAsyncTCPForwarding.test_ssh_connect_reverse_tunnel ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestAsyncTCPForwarding.test_ssh_connect_tunnel _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestAsyncTCPForwarding.test_ssh_connect_tunnel_string ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncTCPForwarding.test_ssh_connect_tunnel_string_failed _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestAsyncTCPForwarding.test_ssh_create_tunnel _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestAsyncTCPForwarding.test_ssh_listen_reverse_tunnel ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestAsyncTCPForwarding.test_ssh_listen_tunnel _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncTCPForwarding.test_ssh_listen_tunnel_default_port _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestAsyncTCPForwarding.test_ssh_listen_tunnel_string ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncTCPForwarding.test_ssh_listen_tunnel_string_failed _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestUNIXForwarding.test_cancel_forward_remote_path_invalid_unicode _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestUNIXForwarding.test_forward_local_path _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestUNIXForwarding.test_forward_local_port_to_path _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestUNIXForwarding.test_forward_local_port_to_path_accept_handler _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestUNIXForwarding.test_forward_local_port_to_path_accept_handler_denial _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestUNIXForwarding.test_forward_remote_path ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestUNIXForwarding.test_forward_remote_path_failure ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestUNIXForwarding.test_forward_remote_path_invalid_unicode _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestUNIXForwarding.test_forward_remote_path_not_permitted _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestUNIXForwarding.test_forward_remote_path_to_port ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestUNIXForwarding.test_forward_specific_local_port_to_path _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestUNIXForwarding.test_unix_connection __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestUNIXForwarding.test_unix_connection_failure ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestUNIXForwarding.test_unix_connection_invalid_unicode __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestUNIXForwarding.test_unix_connection_not_permitted ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestUNIXForwarding.test_unix_connection_rejected ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestUNIXForwarding.test_unix_server ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestUNIXForwarding.test_unix_server_failure ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestUNIXForwarding.test_unix_server_non_async _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestUNIXForwarding.test_unix_server_open __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncUNIXForwarding.test_cancel_forward_remote_path_invalid_unicode _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestAsyncUNIXForwarding.test_forward_local_path ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestAsyncUNIXForwarding.test_forward_local_port_to_path __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncUNIXForwarding.test_forward_local_port_to_path_accept_handler _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncUNIXForwarding.test_forward_local_port_to_path_accept_handler_denial _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestAsyncUNIXForwarding.test_forward_remote_path ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncUNIXForwarding.test_forward_remote_path_failure __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncUNIXForwarding.test_forward_remote_path_invalid_unicode _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncUNIXForwarding.test_forward_remote_path_not_permitted _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncUNIXForwarding.test_forward_remote_path_to_port __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncUNIXForwarding.test_forward_specific_local_port_to_path _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestAsyncUNIXForwarding.test_unix_connection ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestAsyncUNIXForwarding.test_unix_connection_failure ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncUNIXForwarding.test_unix_connection_invalid_unicode _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestAsyncUNIXForwarding.test_unix_connection_not_permitted _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestAsyncUNIXForwarding.test_unix_connection_rejected ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestAsyncUNIXForwarding.test_unix_server __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestAsyncUNIXForwarding.test_unix_server_failure ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestAsyncUNIXForwarding.test_unix_server_non_async _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestAsyncUNIXForwarding.test_unix_server_open _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestSOCKSForwarding.test_forward_bind_error_socks _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSOCKSForwarding.test_forward_socks ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestSOCKSForwarding.test_forward_socks_specific_port ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestLogging.test_channel_log ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestLogging.test_connection_log ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestLogging.test_debug_levels _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestLogging.test_invalid_debug_level ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestLogging.test_logging __________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestLogging.test_packet_logging ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestLogging.test_process_log ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestLogging.test_sftp_log _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestLogging.test_stream_log ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestPKCS11TokenNotFound.test_key_not_found _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestPKCS11Auth.test_load_keys _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestPKCS11Auth.test_load_keys_without_certs ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestPKCS11Auth.test_match_key_id ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestPKCS11Auth.test_match_key_id_bytes ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestPKCS11Auth.test_match_key_label ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestPKCS11Auth.test_match_token_label ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestPKCS11Auth.test_match_token_serial ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestPKCS11Auth.test_match_token_serial_bytes ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestPKCS11Auth.test_pkcs11_auth ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestPKCS11Auth.test_pkcs11_load_keys ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestPKCS11Auth.test_pkcs11_with_replaced_cert _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestProcessBasic.test_break ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestProcessBasic.test_change_terminal_size _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestProcessBasic.test_command _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestProcessBasic.test_communicate _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestProcessBasic.test_communicate_paused __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestProcessBasic.test_disconnect ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestProcessBasic.test_env _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestProcessBasic.test_exit_signal _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestProcessBasic.test_exit_status _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestProcessBasic.test_get_extra_info ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestProcessBasic.test_ignoring_invalid_unicode _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestProcessBasic.test_incomplete_unicode __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestProcessBasic.test_invalid_unicode ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestProcessBasic.test_kill _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestProcessBasic.test_numeric_signal ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestProcessBasic.test_old_terminal_info __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestProcessBasic.test_raise_on_exit_signal _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestProcessBasic.test_raise_on_exit_status _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestProcessBasic.test_raise_on_timeout ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestProcessBasic.test_shell ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestProcessBasic.test_signal ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestProcessBasic.test_split_unicode ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestProcessBasic.test_subsystem ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestProcessBasic.test_terminal_info ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestProcessBasic.test_terminate ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestProcessBasic.test_unknown_action ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestProcessRedirection.test_change_stdin_process ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestProcessRedirection.test_change_stdout _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestProcessRedirection.test_change_stdout_process _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestProcessRedirection.test_consecutive_redirect ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestProcessRedirection.test_forward_break _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestProcessRedirection.test_forward_signal _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestProcessRedirection.test_forward_terminal_size _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestProcessRedirection.test_forward_terminal_size_nontty __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestProcessRedirection.test_forward_terminal_size_tty ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestProcessRedirection.test_input _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestProcessRedirection.test_pause_file_reader _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestProcessRedirection.test_pause_process_reader ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestProcessRedirection.test_redirect_process_when_paused __ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestProcessRedirection.test_redirect_stdin_when_paused ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestProcessRedirection.test_server_redirect_stderr _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestProcessRedirection.test_server_redirect_stdin _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestProcessRedirection.test_server_redirect_stdout _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestProcessRedirection.test_stderr_stdout _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestProcessRedirection.test_stdin_binary_file _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestProcessRedirection.test_stdin_bytesio _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestProcessRedirection.test_stdin_devnull _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestProcessRedirection.test_stdin_file ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestProcessRedirection.test_stdin_open_binary_file _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestProcessRedirection.test_stdin_open_file ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestProcessRedirection.test_stdin_pathlib _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestProcessRedirection.test_stdin_process _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestProcessRedirection.test_stdin_stream __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestProcessRedirection.test_stdin_stringio _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestProcessRedirection.test_stdout_binary_file _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestProcessRedirection.test_stdout_bytesio _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestProcessRedirection.test_stdout_devnull _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestProcessRedirection.test_stdout_file __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestProcessRedirection.test_stdout_open_binary_file ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestProcessRedirection.test_stdout_open_file ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestProcessRedirection.test_stdout_open_file_keep_open ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestProcessRedirection.test_stdout_pathlib _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestProcessRedirection.test_stdout_process _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestProcessRedirection.test_stdout_stream _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestProcessRedirection.test_stdout_stream_keep_open ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestProcessRedirection.test_stdout_stringio ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestProcessPipes.test_stdin_binary_pipe __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestProcessPipes.test_stdin_pipe ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestProcessPipes.test_stdin_text_pipe ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestProcessPipes.test_stdout_binary_pipe __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestProcessPipes.test_stdout_pipe _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestProcessPipes.test_stdout_pipe_keep_open ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestProcessPipes.test_stdout_text_pipe ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestProcessPipes.test_stdout_text_pipe_keep_open ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestProcessSocketPair.test_change_stdin __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestProcessSocketPair.test_pause_socketpair_pipes _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestProcessSocketPair.test_pause_socketpair_streams ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestProcessSocketPair.test_stdin_socketpair ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestProcessSocketPair.test_stdout_socketpair ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTP.test_attrib_extension_response_v6 _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_bad_response_type ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTP.test_byte_range_lock_conflict_v6 _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTP.test_byte_range_lock_refused_v6 __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTP.test_byte_range_unlock_mismatch_v6 ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_cannot_delete_v6 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________________ ERROR at setup of _TestSFTP.test_chmod ____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________________ ERROR at setup of _TestSFTP.test_chown ____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTP.test_chown_v4 ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTP.test_cleanup_open_files ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_close_after_init _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_closed_file _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________________ ERROR at setup of _TestSFTP.test_copy _____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTP.test_copy_directory_no_recurse __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTP.test_copy_directory_no_recurse_v6 _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_copy_follow_symlinks _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_copy_invalid_name ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_copy_preserve ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTP.test_copy_preserve_link ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSFTP.test_copy_preserve_link_unsupported ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_copy_progress ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_copy_recurse _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_copy_recurse_existing ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTP.test_copy_recurse_follow_symlinks _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_delete_pending_v6 ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTP.test_empty_extension_response_v5 _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSFTP.test_exists ____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_exited_session ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_extension_in_init ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_file_chown __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_file_chown_v4 ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_file_corrupt_v6 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_file_handle_skip _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTP.test_file_lock __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_file_lock_v6 _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTP.test_file_seek __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_file_setstat _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_file_setstat_v6 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTP.test_file_stat __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_file_stat_v4 _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_file_stat_v6 _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_file_statvfs _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTP.test_file_sync __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_file_truncate ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_file_utime __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_file_utime_v4 ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________________ ERROR at setup of _TestSFTP.test_glob _____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTP.test_glob_error_handler ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_glob_error_v4 ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_glob_errors _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTP.test_immediate_client_close ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTP.test_incomplete_init_request ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTP.test_incomplete_message ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTP.test_incomplete_version_response _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTP.test_invalid_access_flags_v6 ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_invalid_handle ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_invalid_handle_v6 ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_invalid_open56 ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_invalid_open_flags_v6 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_invalid_open_mode ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSFTP.test_lexists ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________________ ERROR at setup of _TestSFTP.test_link _____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSFTP.test_link_v6 ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSFTP.test_listdir ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_listdir_error_v4 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_listdir_v4 __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_lock_conflict_v5 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_log_formatting ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTP.test_lsetstat ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_lsetstat_v4 _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_lsetstat_v6 _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________________ ERROR at setup of _TestSFTP.test_lstat ____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTP.test_lstat_v4 ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTP.test_lstat_v6 ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_lstat_via_stat ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTP.test_makedirs_no_parent_perms ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_makedirs_no_perms ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_malformed_ok_response ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTP.test_malformed_open_request ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTP.test_malformed_readlink_response _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTP.test_malformed_realpath_response _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_missing_request_pktid ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________________ ERROR at setup of _TestSFTP.test_mkdir ____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_multiple_copy ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTP.test_multiple_copy_bytes_path ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTP.test_multiple_copy_error_handler _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTP.test_multiple_copy_glob ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTP.test_multiple_copy_pathlib_path __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTP.test_multiple_copy_target_not_dir _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSFTP.test_multiple_copy_target_not_dir_v6 _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_multiple_copy_v4 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_multiple_copy_v5 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_multiple_copy_v6 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSFTP.test_no_init ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_no_media_v4 _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_no_space_v5 _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_non_version_response _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTP.test_nonstandard_symlink_client __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTP.test_nonstandard_version _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_open56_append_v6 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestSFTP.test_open56_exclusive_create_existing_v6 _____ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTP.test_open56_exclusive_create_v6 __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSFTP.test_open56_overwrite_offset_size_v6 _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTP.test_open56_overwrite_v6 _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTP.test_open56_truncate_v6 ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_open56_write_v6 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_open_append _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_open_append_v6 ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_open_exclusive_create ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSFTP.test_open_exclusive_create_existing ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSFTP.test_open_exclusive_create_existing_v4 ______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTP.test_open_exclusive_create_v6 ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_open_file_dir_v6 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_open_link_loop_v6 ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_open_overwrite ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTP.test_open_overwrite_nonexistent __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTP.test_open_overwrite_offset_size __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTP.test_open_overwrite_offset_size_v6 ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTP.test_open_read __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_open_read_bytes _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTP.test_open_read_no_blocksize ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_open_read_nonexistent ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTP.test_open_read_not_permitted ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_open_read_offset_size ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTP.test_open_read_out_of_order ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTP.test_open_read_parallel ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_open_truncate ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_open_truncate_v6 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_open_write __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_open_write_bytes _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_open_write_v6 ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTP.test_posix_rename _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_posix_rename_v6 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_quota_exceeded_v5 ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTP.test_readlink ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_readlink_decode_error ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_readlink_v6 _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSFTP.test_remove ____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSFTP.test_rename ____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTP.test_rename_v6 __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________________ ERROR at setup of _TestSFTP.test_rmdir ____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTP.test_rmdir_not_empty_v6 ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSFTP.test_rmtree ____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_rmtree_file _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_rmtree_ignore_errors _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTP.test_rmtree_non_existent _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_rmtree_onerror ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_rmtree_rmdir_failure _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_rmtree_symlink ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTP.test_rmtree_symlink_onerror ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_rmtree_unlink_failure ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSFTP.test_setstat ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSFTP.test_setstat_invalid_owner_group_v6 ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_setstat_v4 __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_short_ok_response ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________________ ERROR at setup of _TestSFTP.test_stat _____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSFTP.test_statvfs ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSFTP.test_symlink ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_symlink_encode_error _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_symlink_v4 __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_symlink_v6 __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTP.test_truncate ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTP.test_unexpected_client_close ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTP.test_unexpected_ok_response ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTP.test_unexpected_server_close ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTP.test_unknown_extension_response __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTP.test_unknown_principal_v5 _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTP.test_unknown_request _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSFTP.test_unlink ____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTP.test_unrecognized_response_pktid _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTP.test_unsupported_extensions ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTP.test_unsupported_extensions_v6 __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTP.test_unsupported_version_response _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________________ ERROR at setup of _TestSFTP.test_utime ____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTP.test_utime_v4 ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_write_close _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTP.test_write_protect_v4 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTP.test_zero_limits _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPCallable.test_stat _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPServerProperties.test_properties __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPChroot.test_chroot_copy ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPChroot.test_chroot_glob ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPChroot.test_chroot_makedirs ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTPChroot.test_chroot_makedirs_v6 ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPChroot.test_chroot_readlink ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPChroot.test_chroot_realpath ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTPChroot.test_chroot_realpath_v6 ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPChroot.test_chroot_symlink _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPChroot.test_getcwd_and_chdir ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPReadEOFWithAttrs.test_get _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPUnknownError.test_stat_error ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPOpenError.test_open_error_v6 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPIOError.test_put_error _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPIOError.test_read_error ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPIOError.test_write_error ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPSmallBlockSize.test_get ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPSmallBlockSize.test_read ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPEOFDuringCopy.test_get _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPNotImplemented.test_symlink_error _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPFileType.test_filetype _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPLongname.test_getgrgid_error ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPLongname.test_getpwuid_error ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPLongname.test_glob_hidden _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPLongname.test_longname _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPLongname.test_strftime_error ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTPLargeListDir.test_large_listdir __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPStatVFS.test_file_statvfs _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTPStatVFS.test_statvfs ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTPChown.test_chown __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPChown.test_chown_v4 ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestSFTPNonstandardSymlink.test_nonstandard_symlink_client _ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_async_realpath _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_async_realpath_v6 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSFTPAsync.test_attrib_extension_response_v6 ______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_bad_response_type ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSFTPAsync.test_byte_range_lock_conflict_v6 _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSFTPAsync.test_byte_range_lock_refused_v6 _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestSFTPAsync.test_byte_range_unlock_mismatch_v6 ______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_cannot_delete_v6 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTPAsync.test_chmod __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTPAsync.test_chown __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPAsync.test_chown_v4 ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_cleanup_open_files ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_close_after_init ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_closed_file _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTPAsync.test_copy __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSFTPAsync.test_copy_directory_no_recurse ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSFTPAsync.test_copy_directory_no_recurse_v6 ______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTPAsync.test_copy_follow_symlinks __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_copy_invalid_name ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_copy_preserve ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_copy_preserve_link ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestSFTPAsync.test_copy_preserve_link_unsupported _____ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_copy_progress ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_copy_recurse ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_copy_recurse_existing __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSFTPAsync.test_copy_recurse_follow_symlinks ______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_delete_pending_v6 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSFTPAsync.test_empty_extension_response_v5 _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTPAsync.test_exists _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_exited_session _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_extension_in_init ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTPAsync.test_file_chown _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_file_chown_v4 ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_file_corrupt_v6 _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_file_handle_skip ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTPAsync.test_file_lock ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_file_lock_v6 ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTPAsync.test_file_seek ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_file_setstat ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_file_setstat_v6 _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTPAsync.test_file_stat ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_file_stat_v4 ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_file_stat_v6 ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_file_statvfs ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTPAsync.test_file_sync ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_file_truncate ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTPAsync.test_file_utime _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_file_utime_v4 ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTPAsync.test_glob __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_glob_error_handler ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_glob_error_v4 ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_glob_errors _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_immediate_client_close _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTPAsync.test_incomplete_init_request _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_incomplete_message ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSFTPAsync.test_incomplete_version_response _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTPAsync.test_invalid_access_flags_v6 _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_invalid_handle _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_invalid_handle_v6 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_invalid_open56 _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_invalid_open_flags_v6 __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_invalid_open_mode ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPAsync.test_lexists _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTPAsync.test_link __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPAsync.test_link_v6 _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPAsync.test_listdir _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_listdir_error_v4 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTPAsync.test_listdir_v4 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_lock_conflict_v5 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_log_formatting _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPAsync.test_lsetstat ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_lsetstat_v4 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_lsetstat_v6 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTPAsync.test_lstat __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPAsync.test_lstat_v4 ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPAsync.test_lstat_v6 ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_lstat_via_stat _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTPAsync.test_makedirs_no_parent_perms ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_makedirs_no_perms ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_malformed_ok_response __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_malformed_open_request _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSFTPAsync.test_malformed_readlink_response _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSFTPAsync.test_malformed_realpath_response _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_missing_request_pktid __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTPAsync.test_mkdir __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_multiple_copy ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTPAsync.test_multiple_copy_bytes_path ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSFTPAsync.test_multiple_copy_error_handler _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_multiple_copy_glob ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSFTPAsync.test_multiple_copy_pathlib_path _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSFTPAsync.test_multiple_copy_target_not_dir ______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestSFTPAsync.test_multiple_copy_target_not_dir_v6 _____ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_multiple_copy_v4 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_multiple_copy_v5 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_multiple_copy_v6 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPAsync.test_no_init _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_no_media_v4 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_no_space_v5 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTPAsync.test_non_version_response __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSFTPAsync.test_nonstandard_symlink_client _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTPAsync.test_nonstandard_version ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_open56_append_v6 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __ ERROR at setup of _TestSFTPAsync.test_open56_exclusive_create_existing_v6 ___ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSFTPAsync.test_open56_exclusive_create_v6 _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestSFTPAsync.test_open56_overwrite_offset_size_v6 _____ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTPAsync.test_open56_overwrite_v6 ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_open56_truncate_v6 ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_open56_write_v6 _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_open_append _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_open_append_v6 _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_open_exclusive_create __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestSFTPAsync.test_open_exclusive_create_existing _____ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestSFTPAsync.test_open_exclusive_create_existing_v4 ____ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTPAsync.test_open_exclusive_create_v6 ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_open_file_dir_v6 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_open_link_loop_v6 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_open_overwrite _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSFTPAsync.test_open_overwrite_nonexistent _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSFTPAsync.test_open_overwrite_offset_size _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestSFTPAsync.test_open_overwrite_offset_size_v6 ______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTPAsync.test_open_read ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_open_read_bytes _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_open_read_no_blocksize _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_open_read_nonexistent __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTPAsync.test_open_read_not_permitted _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_open_read_offset_size __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_open_read_out_of_order _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_open_read_parallel ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_open_truncate ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_open_truncate_v6 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTPAsync.test_open_write _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_open_write_bytes ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_open_write_v6 ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_posix_rename ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_posix_rename_v6 _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_quota_exceeded_v5 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPAsync.test_readlink ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_readlink_decode_error __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_readlink_v6 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTPAsync.test_remove _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTPAsync.test_rename _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTPAsync.test_rename_v6 ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTPAsync.test_rmdir __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_rmdir_not_empty_v6 ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTPAsync.test_rmtree _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_rmtree_file _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTPAsync.test_rmtree_ignore_errors __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTPAsync.test_rmtree_non_existent ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_rmtree_onerror _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTPAsync.test_rmtree_rmdir_failure __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSFTPAsync.test_rmtree_symlink _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_rmtree_symlink_onerror _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_rmtree_unlink_failure __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPAsync.test_setstat _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestSFTPAsync.test_setstat_invalid_owner_group_v6 _____ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTPAsync.test_setstat_v4 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSFTPAsync.test_short_ok_response ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSFTPAsync.test_stat __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPAsync.test_statvfs _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPAsync.test_symlink _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTPAsync.test_symlink_encode_error __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTPAsync.test_symlink_v4 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSFTPAsync.test_symlink_v6 _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPAsync.test_truncate ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTPAsync.test_unexpected_client_close _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_unexpected_ok_response _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSFTPAsync.test_unexpected_server_close _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSFTPAsync.test_unknown_extension_response _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSFTPAsync.test_unknown_principal_v5 __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_unknown_request _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTPAsync.test_unlink _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSFTPAsync.test_unrecognized_response_pktid _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSFTPAsync.test_unsupported_extensions _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSFTPAsync.test_unsupported_extensions_v6 ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSFTPAsync.test_unsupported_version_response ______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSFTPAsync.test_utime __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSFTPAsync.test_utime_v4 ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_write_close _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSFTPAsync.test_write_protect_v4 ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSFTPAsync.test_zero_limits _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________________ ERROR at setup of _TestSCP.test_copy _____________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSCP.test_copy_cancel __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSCP.test_copy_error_handler_sink ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSCP.test_copy_error_handler_source ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSCP.test_copy_multiple _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSCP.test_copy_preserve _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSCP.test_copy_progress _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSCP.test_copy_recurse _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSCP.test_copy_recurse_existing _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSCP.test_copy_recurse_not_directory __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSCP.test_destination_open_connection __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________________ ERROR at setup of _TestSCP.test_get ______________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSCP.test_get_cancel __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSCP.test_get_directory_as_file _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCP.test_get_error_handler _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSCP.test_get_non_directory_in_path ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCP.test_get_not_permitted _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSCP.test_get_preserve _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSCP.test_get_progress _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSCP.test_get_recurse __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSCP.test_get_recurse_existing _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSCP.test_get_recurse_not_directory ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSCP.test_invalid_argument _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCP.test_invalid_c_argument ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCP.test_invalid_t_argument ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSCP.test_local_copy __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCP.test_missing_direction _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSCP.test_missing_path _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________________ ERROR at setup of _TestSCP.test_put ______________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSCP.test_put_cancel __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSCP.test_put_must_be_dir ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCP.test_put_name_too_long _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSCP.test_put_non_directory_in_path ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSCP.test_put_preserve _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSCP.test_put_progress _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCP.test_put_read_early_eof ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSCP.test_put_read_error ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSCP.test_put_recurse __________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSCP.test_put_recurse_existing _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSCP.test_put_recurse_not_directory ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSCP.test_source_bytes _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSCP.test_source_open_connection ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSCP.test_source_string _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________________ ERROR at setup of _TestSCPAsync.test_copy ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSCPAsync.test_copy_cancel _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSCPAsync.test_copy_error_handler_sink _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSCPAsync.test_copy_error_handler_source ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCPAsync.test_copy_multiple ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCPAsync.test_copy_preserve ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCPAsync.test_copy_progress ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCPAsync.test_copy_recurse _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSCPAsync.test_copy_recurse_existing __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSCPAsync.test_copy_recurse_not_directory ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSCPAsync.test_destination_open_connection _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSCPAsync.test_get ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSCPAsync.test_get_cancel ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSCPAsync.test_get_directory_as_file __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSCPAsync.test_get_error_handler ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSCPAsync.test_get_non_directory_in_path ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSCPAsync.test_get_not_permitted ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCPAsync.test_get_preserve _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCPAsync.test_get_progress _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSCPAsync.test_get_recurse _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSCPAsync.test_get_recurse_existing ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSCPAsync.test_get_recurse_not_directory ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSCPAsync.test_invalid_argument _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSCPAsync.test_invalid_c_argument ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSCPAsync.test_invalid_t_argument ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSCPAsync.test_local_copy ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSCPAsync.test_missing_direction ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCPAsync.test_missing_path _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSCPAsync.test_put ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSCPAsync.test_put_cancel ________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSCPAsync.test_put_must_be_dir _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSCPAsync.test_put_name_too_long ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSCPAsync.test_put_non_directory_in_path ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCPAsync.test_put_preserve _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCPAsync.test_put_progress _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSCPAsync.test_put_read_early_eof ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSCPAsync.test_put_read_error ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSCPAsync.test_put_recurse _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSCPAsync.test_put_recurse_existing ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSCPAsync.test_put_recurse_not_directory ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCPAsync.test_source_bytes _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSCPAsync.test_source_open_connection __________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCPAsync.test_source_string ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestSCPAttrs.test_get ___________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSCPAttrs.test_put_not_permitted ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestSCPAttrs.test_put_recurse_not_directory ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCPIOError.test_copy_error _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSCPIOError.test_put_error _______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSCPErrors.test_copy_connection_lost_sink ________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSCPErrors.test_copy_connection_lost_source _______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSCPErrors.test_copy_early_eof _____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSCPErrors.test_copy_extra_e ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSCPErrors.test_copy_unknown_action ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____ ERROR at setup of _TestSCPErrors.test_get_directory_without_recurse ______ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSCPErrors.test_get_early_eof ______________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSCPErrors.test_get_t_without_preserve _________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSCPErrors.test_get_unknown_action ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSCPErrors.test_put_connection_lost ___________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSCPErrors.test_put_startup_error ____________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSCPErrors.test_unknown _________________ cls = @classmethod def setUpClass(cls): """Check if symlink is available on this platform""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:626: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_sftp.py:4766: in asyncSetUpClass await super().asyncSetUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSKAuthKeyNotFound.test_enroll_key_not_found ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSKAuthCTAP1.test_auth _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSKAuthCTAP1.test_auth_ctap1_error ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSKAuthCTAP1.test_enroll_ctap1_error __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSKAuthCTAP1.test_sk_unsupported_alg __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSKAuthCTAP2.test_auth _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSKAuthCTAP2.test_auth_ctap2_error ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSKAuthCTAP2.test_enroll_ctap2_error __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSKAuthCTAP2.test_enroll_pin_invalid __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSKAuthCTAP2.test_enroll_pin_required __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSKAuthCTAP2.test_enroll_with_pin ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSKAuthCTAP2.test_enroll_without_pin __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______ ERROR at setup of _TestSKAuthMultipleKeys.test_auth_cred_not_found ______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestSKAuthResidentKeys.test_koad_resident_user_match ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestSKAuthResidentKeys.test_load_resident _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestSKAuthResidentKeys.test_load_resident_ctap2_error ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestSKAuthResidentKeys.test_load_resident_no_match _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestSKAuthResidentKeys.test_load_resident_pin_invalid ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestSKAuthResidentKeys.test_load_resident_user_match ____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestSKAuthResidentKeys.test_no_resident_keys ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestSKAuthResidentKeys.test_pin_not_set __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____ ERROR at setup of _TestSKAuthTouchNotRequired.test_auth_without_touch _____ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___ ERROR at setup of _TestSKAuthTouchRequiredECDSA.test_auth_touch_required ___ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestSKCertAuthTouchNotRequired.test_cert_auth_cert_touch_not_required _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestSKCertAuthTouchNotRequired.test_cert_auth_cert_touch_required _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestSKCertAuthTouchRequired.test_cert_auth_cert_touch_required _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _ ERROR at setup of _TestSKCertAuthTouchRequired.test_cert_auth_touch_required _ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestSKHostAuth.test_sk_host_auth ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestSKHostCertAuth.test_sk_host_auth ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestStream.test_abort ___________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestStream.test_abort_closed ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestStream.test_async_iterator _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestStream.test_custom_disconnect _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestStream.test_feed ____________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestStream.test_get_extra_info _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestStream.test_large_block ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestStream.test_pause_read _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestStream.test_read_exception _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestStream.test_readexactly_partial_exception _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestStream.test_readline_exception _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestStream.test_readline_timeout ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestStream.test_readuntil _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestStream.test_readuntil_bigger_than_window ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestStream.test_readuntil_empty_separator _________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestStream.test_readuntil_regex ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________ ERROR at setup of _TestStream.test_readuntil_separator_list __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________________ ERROR at setup of _TestStream.test_shell ___________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestStream.test_shell_failure _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestStream.test_shell_non_async ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestStream.test_unknown_action _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestStream.test_write_broken_pipe _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestStream.test_write_disconnect ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSubprocess.test_close _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestSubprocess.test_encoding ________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSubprocess.test_exec __________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSubprocess.test_exit_status ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSubprocess.test_input _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSubprocess.test_misc __________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSubprocess.test_read_pause _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestSubprocess.test_redirect_stderr ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestSubprocess.test_shell _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestSubprocess.test_signal _________________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSubprocess.test_stdin_abort ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestSubprocess.test_stdin_close ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestTunTap.test_darwin_failover_to_utun __________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestTunTap.test_darwin_forward_tap _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestTunTap.test_darwin_forward_tun _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestTunTap.test_darwin_forward_utun ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestTunTap.test_darwin_open_tap ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestTunTap.test_darwin_open_tap_error ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestTunTap.test_darwin_open_tap_unavailable ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestTunTap.test_darwin_open_tun ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestTunTap.test_darwin_open_tun_error ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestTunTap.test_darwin_open_tun_specific_unit _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestTunTap.test_darwin_open_utun ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestTunTap.test_darwin_utun_all_in_use ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestTunTap.test_darwin_utun_in_use _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestTunTap.test_invalid_tun_mode ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestTunTap.test_linux_all_in_use ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestTunTap.test_linux_forward_tap _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestTunTap.test_linux_forward_tun _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestTunTap.test_linux_open_tap _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestTunTap.test_linux_open_tun _______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestTunTap.test_linux_open_tun_error ____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestTunTap.test_linux_open_tun_specific_unit ________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestTunTap.test_open_tun_denied ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestTunTap.test_open_tun_echo_handler ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ___________ ERROR at setup of _TestTunTap.test_open_tun_echo_session ___________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______ ERROR at setup of _TestTunTap.test_open_tun_echo_session_channel _______ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestTunTap.test_tun_forward_error _____________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestTunTap.test_unknown_platform ______________ cls = @classmethod def setUpClass(cls): """Set up event loop to run async tests and run async class setup""" super().setUpClass() if uvloop_available and os.environ.get('USE_UVLOOP'): # pragma: no cover cls.loop = uvloop.new_event_loop() else: cls.loop = asyncio.new_event_loop() asyncio.set_event_loop(cls.loop) try: > cls.loop.run_until_complete(cls.asyncSetUpClass()) /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestX11.test_attach_failure ________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestX11.test_attach_lock_failure ______________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestX11.test_bad_auth_big _________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestX11.test_bad_auth_little ________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestX11.test_connection_refused_big ____________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestX11.test_connection_refused_little ___________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestX11.test_consecutive_different_servers _________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestX11.test_display_environment ______________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestX11.test_display_not_set ________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestX11.test_domain_socket _________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestX11.test_forward_big __________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestX11.test_forward_little ________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestX11.test_forwarding_denied _______________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestX11.test_forwarding_disabled ______________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError __________ ERROR at setup of _TestX11.test_forwarding_ignore_failure ___________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestX11.test_forwarding_not_allowed ____________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestX11.test_from_connect _________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestX11.test_invalid_display ________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestX11.test_invalid_x11_forwarding_request ________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestX11.test_ipv4_address _________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestX11.test_ipv6_address _________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestX11.test_local_server _________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestX11.test_multiple_sessions _______________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestX11.test_no_xauth_match ________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestX11.test_open_failure _________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestX11.test_open_invalid_unicode _____________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _____________ ERROR at setup of _TestX11.test_selective_forwarding _____________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________ ERROR at setup of _TestX11.test_simultaneous_different_servers ________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ____________ ERROR at setup of _TestX11.test_simultaneous_sessions _____________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestX11.test_unknown_action ________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestX11.test_wildcard_address _______________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestX11.test_xauth_corrupted ________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _______________ ERROR at setup of _TestX11.test_xauth_dead_lock ________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestX11.test_xauth_empty __________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ______________ ERROR at setup of _TestX11.test_xauth_environment _______________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestX11.test_xauth_lookup _________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError ________________ ERROR at setup of _TestX11.test_xauth_missing _________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError _________________ ERROR at setup of _TestX11.test_xauth_update _________________ cls = @classmethod def setUpClass(cls): """Create Xauthority file needed for test""" > super().setUpClass() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/test_x11.py:268: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/util.py:429: in setUpClass cls.loop.run_until_complete(cls.asyncSetUpClass()) /usr/lib/python3.13/asyncio/base_events.py:720: in run_until_complete return future.result() /<>/.pybuild/cpython3_3.13_asyncssh/build/tests/server.py:115: in asyncSetUpClass ckey.write_private_key('ckey_encrypted', passphrase='passphrase') /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1299: in write_private_key write_file(filename, self.export_private_key(*args, **kwargs)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , format_name = 'openssh' passphrase = 'passphrase', cipher_name = 'aes256-cbc', hash_name = 'sha256' pbe_version = 2, rounds = 128, ignore_few_rounds = False def export_private_key(self, format_name: str = 'openssh', passphrase: Optional[BytesOrStr] = None, cipher_name: str = 'aes256-cbc', hash_name: str = 'sha256', pbe_version: int = 2, rounds: int = 128, ignore_few_rounds: bool = False) -> bytes: """Export a private key in the requested format This method returns this object's private key encoded in the requested format. If a passphrase is specified, the key will be exported in encrypted form. Available formats include: pkcs1-der, pkcs1-pem, pkcs8-der, pkcs8-pem, openssh By default, openssh format will be used. Encryption is supported in pkcs1-pem, pkcs8-der, pkcs8-pem, and openssh formats. For pkcs1-pem, only the cipher can be specified. For pkcs8-der and pkcs-8, cipher, hash and PBE version can be specified. For openssh, cipher and rounds can be specified. Available ciphers for pkcs1-pem are: aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc Available ciphers for pkcs8-der and pkcs8-pem are: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, rc4-128 Available ciphers for openssh format include the following :ref:`encryption algorithms `. Available hashes include: md5, sha1, sha256, sha384, sha512 Available PBE versions include 1 for PBES1 and 2 for PBES2. Not all combinations of cipher, hash, and version are supported. The default cipher is aes256. In the pkcs8 formats, the default hash is sha256 and default version is PBES2. In openssh format, the default number of rounds is 128. .. note:: The openssh format uses bcrypt for encryption, but unlike the traditional bcrypt cost factor used in password hashing which scales logarithmically, the encryption strength here scales linearly with the rounds value. Since the cipher is rekeyed 64 times per round, the default rounds value of 128 corresponds to 8192 total iterations, which is the equivalent of a bcrypt cost factor of 13. :param format_name: (optional) The format to export the key in. :param passphrase: (optional) A passphrase to encrypt the private key with. :param cipher_name: (optional) The cipher to use for private key encryption. :param hash_name: (optional) The hash to use for private key encryption. :param pbe_version: (optional) The PBE version to use for private key encryption. :param rounds: (optional) The number of KDF rounds to apply to the passphrase. :type format_name: `str` :type passphrase: `str` or `bytes` :type cipher_name: `str` :type hash_name: `str` :type pbe_version: `int` :type rounds: `int` :returns: `bytes` representing the exported private key """ if format_name in ('pkcs1-der', 'pkcs1-pem'): data = der_encode(self.encode_pkcs1_private()) if passphrase is not None: if format_name == 'pkcs1-der': raise KeyExportError('PKCS#1 DER format does not support ' 'private key encryption') alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase) headers = (b'Proc-Type: 4,ENCRYPTED\n' + b'DEK-Info: ' + alg + b',' + binascii.b2a_hex(iv).upper() + b'\n\n') else: headers = b'' if format_name == 'pkcs1-pem': keytype = self.pem_name + b' PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + headers + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name in ('pkcs8-der', 'pkcs8-pem'): alg_params, pkcs8_data = self.encode_pkcs8_private() if alg_params is OMIT: data = der_encode((0, (self.pkcs8_oid,), pkcs8_data)) else: data = der_encode((0, (self.pkcs8_oid, alg_params), pkcs8_data)) if passphrase is not None: data = pkcs8_encrypt(data, cipher_name, hash_name, pbe_version, passphrase) if format_name == 'pkcs8-pem': if passphrase is not None: keytype = b'ENCRYPTED PRIVATE KEY' else: keytype = b'PRIVATE KEY' data = (b'-----BEGIN ' + keytype + b'-----\n' + _wrap_base64(data) + b'-----END ' + keytype + b'-----\n') return data elif format_name == 'openssh': check = os.urandom(4) nkeys = 1 data = b''.join((check, check, self.private_data, String(self._comment or b''))) cipher: Optional[Encryption] if passphrase is not None: try: alg = cipher_name.encode('ascii') key_size, iv_size, block_size, _, _, _ = \ get_encryption_params(alg) except (KeyError, UnicodeEncodeError): raise KeyEncryptionError('Unknown cipher: ' + cipher_name) from None if not _bcrypt_available: # pragma: no cover > raise KeyExportError('OpenSSH private key encryption ' 'requires bcrypt with KDF support') E asyncssh.public_key.KeyExportError: OpenSSH private key encryption requires bcrypt with KDF support /<>/.pybuild/cpython3_3.13_asyncssh/build/asyncssh/public_key.py:1178: KeyExportError =========================== short test summary info ============================ ERROR tests/test_channel.py::_TestChannel::test_agent_forwarding - asyncssh.p... ERROR tests/test_channel.py::_TestChannel::test_agent_forwarding_failure - as... ERROR tests/test_channel.py::_TestChannel::test_agent_forwarding_not_offered ERROR tests/test_channel.py::_TestChannel::test_agent_forwarding_rejected - a... ERROR tests/test_channel.py::_TestChannel::test_agent_forwarding_sock - async... ERROR tests/test_channel.py::_TestChannel::test_agent_forwarding_sock_failure ERROR tests/test_channel.py::_TestChannel::test_already_open - asyncssh.publi... ERROR tests/test_channel.py::_TestChannel::test_break - asyncssh.public_key.K... ERROR tests/test_channel.py::_TestChannel::test_close_during_startup - asyncs... ERROR tests/test_channel.py::_TestChannel::test_close_while_read_paused - asy... ERROR tests/test_channel.py::_TestChannel::test_conn_close_during_open - asyn... ERROR tests/test_channel.py::_TestChannel::test_conn_close_during_startup - a... ERROR tests/test_channel.py::_TestChannel::test_data_after_close - asyncssh.p... ERROR tests/test_channel.py::_TestChannel::test_data_after_eof - asyncssh.pub... ERROR tests/test_channel.py::_TestChannel::test_data_past_window - asyncssh.p... ERROR tests/test_channel.py::_TestChannel::test_delayed_channel_request - asy... ERROR tests/test_channel.py::_TestChannel::test_double_close - asyncssh.publi... ERROR tests/test_channel.py::_TestChannel::test_double_eof - asyncssh.public_... ERROR tests/test_channel.py::_TestChannel::test_empty_data - asyncssh.public_... ERROR tests/test_channel.py::_TestChannel::test_empty_write - asyncssh.public... ERROR tests/test_channel.py::_TestChannel::test_env - asyncssh.public_key.Key... ERROR tests/test_channel.py::_TestChannel::test_env_binary_key - asyncssh.pub... ERROR tests/test_channel.py::_TestChannel::test_env_binary_value - asyncssh.p... ERROR tests/test_channel.py::_TestChannel::test_env_from_connect - asyncssh.p... ERROR tests/test_channel.py::_TestChannel::test_env_invalid_str - asyncssh.pu... ERROR tests/test_channel.py::_TestChannel::test_env_list - asyncssh.public_ke... ERROR tests/test_channel.py::_TestChannel::test_env_list_binary - asyncssh.pu... ERROR tests/test_channel.py::_TestChannel::test_env_non_string_key - asyncssh... ERROR tests/test_channel.py::_TestChannel::test_env_non_string_value - asyncs... ERROR tests/test_channel.py::_TestChannel::test_env_str - asyncssh.public_key... ERROR tests/test_channel.py::_TestChannel::test_env_str_cached - asyncssh.pub... ERROR tests/test_channel.py::_TestChannel::test_env_tuple - asyncssh.public_k... ERROR tests/test_channel.py::_TestChannel::test_exec - asyncssh.public_key.Ke... ERROR tests/test_channel.py::_TestChannel::test_exec_failure - asyncssh.publi... ERROR tests/test_channel.py::_TestChannel::test_exec_from_connect - asyncssh.... ERROR tests/test_channel.py::_TestChannel::test_exit_signal - asyncssh.public... ERROR tests/test_channel.py::_TestChannel::test_exit_signal_after_close - asy... ERROR tests/test_channel.py::_TestChannel::test_exit_status - asyncssh.public... ERROR tests/test_channel.py::_TestChannel::test_exit_status_after_close - asy... ERROR tests/test_channel.py::_TestChannel::test_ext_data_past_window - asyncs... ERROR tests/test_channel.py::_TestChannel::test_extended_data_after_eof - asy... ERROR tests/test_channel.py::_TestChannel::test_forced_exec - asyncssh.public... ERROR tests/test_channel.py::_TestChannel::test_full_terminal_size_change - a... ERROR tests/test_channel.py::_TestChannel::test_inbound_conn_close_while_read_paused ERROR tests/test_channel.py::_TestChannel::test_invalid_channel_request - asy... ERROR tests/test_channel.py::_TestChannel::test_invalid_channel_response - as... ERROR tests/test_channel.py::_TestChannel::test_invalid_datatype - asyncssh.p... ERROR tests/test_channel.py::_TestChannel::test_invalid_env - asyncssh.public... ERROR tests/test_channel.py::_TestChannel::test_invalid_env_list - asyncssh.p... ERROR tests/test_channel.py::_TestChannel::test_invalid_exec - asyncssh.publi... ERROR tests/test_channel.py::_TestChannel::test_invalid_exit_lang - asyncssh.... ERROR tests/test_channel.py::_TestChannel::test_invalid_exit_signal - asyncss... ERROR tests/test_channel.py::_TestChannel::test_invalid_open_confirmation - a... ERROR tests/test_channel.py::_TestChannel::test_invalid_open_failure - asyncs... ERROR tests/test_channel.py::_TestChannel::test_invalid_signal - asyncssh.pub... ERROR tests/test_channel.py::_TestChannel::test_invalid_subsystem - asyncssh.... ERROR tests/test_channel.py::_TestChannel::test_invalid_tcpip_listener - asyn... ERROR tests/test_channel.py::_TestChannel::test_invalid_term_type - asyncssh.... ERROR tests/test_channel.py::_TestChannel::test_invalid_terminal_modes - asyn... ERROR tests/test_channel.py::_TestChannel::test_invalid_terminal_size - async... ERROR tests/test_channel.py::_TestChannel::test_invalid_unix_listener - async... ERROR tests/test_channel.py::_TestChannel::test_invalid_write_extended - asyn... ERROR tests/test_channel.py::_TestChannel::test_keepalive - asyncssh.public_k... ERROR tests/test_channel.py::_TestChannel::test_kill - asyncssh.public_key.Ke... ERROR tests/test_channel.py::_TestChannel::test_late_auth_banner - asyncssh.p... ERROR tests/test_channel.py::_TestChannel::test_mixed_env - asyncssh.public_k... ERROR tests/test_channel.py::_TestChannel::test_numeric_signal - asyncssh.pub... ERROR tests/test_channel.py::_TestChannel::test_outbound_conn_close_while_read_paused ERROR tests/test_channel.py::_TestChannel::test_partial_unicode - asyncssh.pu... ERROR tests/test_channel.py::_TestChannel::test_partial_unicode_at_eof - asyn... ERROR tests/test_channel.py::_TestChannel::test_pty_disallowed_by_cert - asyn... ERROR tests/test_channel.py::_TestChannel::test_pty_disallowed_by_session - a... ERROR tests/test_channel.py::_TestChannel::test_pty_without_term_type - async... ERROR tests/test_channel.py::_TestChannel::test_rejected_session - asyncssh.p... ERROR tests/test_channel.py::_TestChannel::test_rejected_tap_request - asyncs... ERROR tests/test_channel.py::_TestChannel::test_rejected_tcpip_direct - async... ERROR tests/test_channel.py::_TestChannel::test_rejected_tun_request - asyncs... ERROR tests/test_channel.py::_TestChannel::test_rejected_unix_direct - asyncs... ERROR tests/test_channel.py::_TestChannel::test_request_after_close - asyncss... ERROR tests/test_channel.py::_TestChannel::test_request_pty - asyncssh.public... ERROR tests/test_channel.py::_TestChannel::test_send_env - asyncssh.public_ke... ERROR tests/test_channel.py::_TestChannel::test_send_env_binary - asyncssh.pu... ERROR tests/test_channel.py::_TestChannel::test_send_env_from_connect - async... ERROR tests/test_channel.py::_TestChannel::test_shell - asyncssh.public_key.K... ERROR tests/test_channel.py::_TestChannel::test_shell_failure - asyncssh.publ... ERROR tests/test_channel.py::_TestChannel::test_shell_internal_error - asyncs... ERROR tests/test_channel.py::_TestChannel::test_shell_large_block - asyncssh.... ERROR tests/test_channel.py::_TestChannel::test_signal - asyncssh.public_key.... ERROR tests/test_channel.py::_TestChannel::test_subsystem - asyncssh.public_k... ERROR tests/test_channel.py::_TestChannel::test_subsystem_failure - asyncssh.... ERROR tests/test_channel.py::_TestChannel::test_term_modes_incomplete - async... ERROR tests/test_channel.py::_TestChannel::test_term_modes_missing_end - asyn... ERROR tests/test_channel.py::_TestChannel::test_terminal_full_size - asyncssh... ERROR tests/test_channel.py::_TestChannel::test_terminal_size_change - asyncs... ERROR tests/test_channel.py::_TestChannel::test_terminate - asyncssh.public_k... ERROR tests/test_channel.py::_TestChannel::test_unexpected_userauth_request ERROR tests/test_channel.py::_TestChannel::test_unicode_error - asyncssh.publ... ERROR tests/test_channel.py::_TestChannel::test_unknown_action - asyncssh.pub... ERROR tests/test_channel.py::_TestChannel::test_unknown_channel_request - asy... ERROR tests/test_channel.py::_TestChannel::test_unknown_exit_signal - asyncss... ERROR tests/test_channel.py::_TestChannel::test_unknown_signal - asyncssh.pub... ERROR tests/test_channel.py::_TestChannel::test_unknown_tcpip_listener - asyn... ERROR tests/test_channel.py::_TestChannel::test_unknown_unix_listener - async... ERROR tests/test_channel.py::_TestChannel::test_unneeded_resume_reading - asy... ERROR tests/test_channel.py::_TestChannel::test_window_adjust_after_eof - asy... ERROR tests/test_channel.py::_TestChannel::test_write_buffer - asyncssh.publi... ERROR tests/test_channel.py::_TestChannel::test_xon_xoff_disable - asyncssh.p... ERROR tests/test_channel.py::_TestChannel::test_xon_xoff_enable - asyncssh.pu... ERROR tests/test_channel.py::_TestChannelNoPTY::test_exec_no_pty - asyncssh.p... ERROR tests/test_channel.py::_TestChannelNoPTY::test_exec_pty - asyncssh.publ... ERROR tests/test_channel.py::_TestChannelNoPTY::test_exec_pty_from_connect - ... ERROR tests/test_channel.py::_TestChannelNoPTY::test_shell_no_pty - asyncssh.... ERROR tests/test_channel.py::_TestChannelNoPTY::test_shell_pty - asyncssh.pub... ERROR tests/test_channel.py::_TestChannelNoAgentForwarding::test_agent_forwarding_disallowed ERROR tests/test_channel.py::_TestConnectionDropbearClient::test_dropbear_client ERROR tests/test_channel.py::_TestConnectionDropbearServer::test_dropbear_server ERROR tests/test_connection.py::_TestConnection::test_banner_before_version ERROR tests/test_connection.py::_TestConnection::test_banner_line_too_long - ... ERROR tests/test_connection.py::_TestConnection::test_changing_server_host_key ERROR tests/test_connection.py::_TestConnection::test_client_decompression_failure ERROR tests/test_connection.py::_TestConnection::test_client_keepalive - asyn... ERROR tests/test_connection.py::_TestConnection::test_client_keepalive_failure ERROR tests/test_connection.py::_TestConnection::test_client_keepalive_string ERROR tests/test_connection.py::_TestConnection::test_client_set_invalid_keepalive_count_max ERROR tests/test_connection.py::_TestConnection::test_client_set_invalid_keepalive_interval ERROR tests/test_connection.py::_TestConnection::test_client_set_keepalive_count_max ERROR tests/test_connection.py::_TestConnection::test_client_set_keepalive_interval ERROR tests/test_connection.py::_TestConnection::test_compression_algs - asyn... ERROR tests/test_connection.py::_TestConnection::test_connect - asyncssh.publ... ERROR tests/test_connection.py::_TestConnection::test_connect_encrypted_key ERROR tests/test_connection.py::_TestConnection::test_connect_failure - async... ERROR tests/test_connection.py::_TestConnection::test_connect_failure_without_agent ERROR tests/test_connection.py::_TestConnection::test_connect_invalid_option_name ERROR tests/test_connection.py::_TestConnection::test_connect_invalid_options_type ERROR tests/test_connection.py::_TestConnection::test_connect_non_tcp_sock - ... ERROR tests/test_connection.py::_TestConnection::test_connect_sock - asyncssh... ERROR tests/test_connection.py::_TestConnection::test_connect_tcp_keepalive_off ERROR tests/test_connection.py::_TestConnection::test_connect_timeout_exceeded ERROR tests/test_connection.py::_TestConnection::test_connect_timeout_exceeded_string ERROR tests/test_connection.py::_TestConnection::test_connect_timeout_exceeded_tunnel ERROR tests/test_connection.py::_TestConnection::test_debug - asyncssh.public... ERROR tests/test_connection.py::_TestConnection::test_disconnect - asyncssh.p... ERROR tests/test_connection.py::_TestConnection::test_duplicate_encryption_algs ERROR tests/test_connection.py::_TestConnection::test_duplicate_type_server_host_keys ERROR tests/test_connection.py::_TestConnection::test_empty_encryption_algs ERROR tests/test_connection.py::_TestConnection::test_empty_kex_algs - asyncs... ERROR tests/test_connection.py::_TestConnection::test_empty_known_hosts - asy... ERROR tests/test_connection.py::_TestConnection::test_empty_mac_algs - asyncs... ERROR tests/test_connection.py::_TestConnection::test_encryption_algs - async... ERROR tests/test_connection.py::_TestConnection::test_extra_userauth_request ERROR tests/test_connection.py::_TestConnection::test_gcm_verify_error - asyn... ERROR tests/test_connection.py::_TestConnection::test_get_server_host_key - a... ERROR tests/test_connection.py::_TestConnection::test_get_server_host_key_connect_failure ERROR tests/test_connection.py::_TestConnection::test_get_server_host_key_proxy ERROR tests/test_connection.py::_TestConnection::test_get_server_host_key_proxy_failure ERROR tests/test_connection.py::_TestConnection::test_get_server_host_key_tunnel ERROR tests/test_connection.py::_TestConnection::test_import_known_hosts - as... ERROR tests/test_connection.py::_TestConnection::test_internal_error - asyncs... ERROR tests/test_connection.py::_TestConnection::test_invalid_channel_open - ... ERROR tests/test_connection.py::_TestConnection::test_invalid_channel_open_confirmation_number ERROR tests/test_connection.py::_TestConnection::test_invalid_channel_open_failure_language ERROR tests/test_connection.py::_TestConnection::test_invalid_channel_open_failure_number ERROR tests/test_connection.py::_TestConnection::test_invalid_channel_open_failure_reason ERROR tests/test_connection.py::_TestConnection::test_invalid_client_keepalive ERROR tests/test_connection.py::_TestConnection::test_invalid_client_keepalive_count_max ERROR tests/test_connection.py::_TestConnection::test_invalid_cmp_alg - async... ERROR tests/test_connection.py::_TestConnection::test_invalid_connect_timeout ERROR tests/test_connection.py::_TestConnection::test_invalid_data_channel_number ERROR tests/test_connection.py::_TestConnection::test_invalid_debug - asyncss... ERROR tests/test_connection.py::_TestConnection::test_invalid_disconnect - as... ERROR tests/test_connection.py::_TestConnection::test_invalid_encryption_alg ERROR tests/test_connection.py::_TestConnection::test_invalid_global_request ERROR tests/test_connection.py::_TestConnection::test_invalid_kex_alg - async... ERROR tests/test_connection.py::_TestConnection::test_invalid_kex_alg_config ERROR tests/test_connection.py::_TestConnection::test_invalid_kex_alg_str - a... ERROR tests/test_connection.py::_TestConnection::test_invalid_mac_alg - async... ERROR tests/test_connection.py::_TestConnection::test_invalid_newkeys - async... ERROR tests/test_connection.py::_TestConnection::test_invalid_rekey_bytes - a... ERROR tests/test_connection.py::_TestConnection::test_invalid_rekey_seconds ERROR tests/test_connection.py::_TestConnection::test_invalid_server_host_key ERROR tests/test_connection.py::_TestConnection::test_invalid_userauth_service ERROR tests/test_connection.py::_TestConnection::test_invalid_username - asyn... ERROR tests/test_connection.py::_TestConnection::test_kex_after_kex_complete ERROR tests/test_connection.py::_TestConnection::test_kex_algs - asyncssh.pub... ERROR tests/test_connection.py::_TestConnection::test_kex_in_progress - async... ERROR tests/test_connection.py::_TestConnection::test_known_hosts_bytes - asy... ERROR tests/test_connection.py::_TestConnection::test_known_hosts_ca - asyncs... ERROR tests/test_connection.py::_TestConnection::test_known_hosts_keylist_file ERROR tests/test_connection.py::_TestConnection::test_known_hosts_multiple_keys ERROR tests/test_connection.py::_TestConnection::test_known_hosts_none - asyn... ERROR tests/test_connection.py::_TestConnection::test_known_hosts_none_in_config ERROR tests/test_connection.py::_TestConnection::test_known_hosts_none_without_x509 ERROR tests/test_connection.py::_TestConnection::test_known_hosts_not_present ERROR tests/test_connection.py::_TestConnection::test_known_hosts_not_readable ERROR tests/test_connection.py::_TestConnection::test_known_hosts_sshkeys - a... ERROR tests/test_connection.py::_TestConnection::test_late_userauth_request ERROR tests/test_connection.py::_TestConnection::test_leading_encryption_alg ERROR tests/test_connection.py::_TestConnection::test_mac_algs - asyncssh.pub... ERROR tests/test_connection.py::_TestConnection::test_mac_verify_error - asyn... ERROR tests/test_connection.py::_TestConnection::test_message_before_kexinit_strict_kex ERROR tests/test_connection.py::_TestConnection::test_message_during_kex_strict_kex ERROR tests/test_connection.py::_TestConnection::test_missing_data_channel_number ERROR tests/test_connection.py::_TestConnection::test_no_compression - asyncs... ERROR tests/test_connection.py::_TestConnection::test_no_local_username - asy... ERROR tests/test_connection.py::_TestConnection::test_no_matching_host_key_algs ERROR tests/test_connection.py::_TestConnection::test_no_matching_kex_algs - ... ERROR tests/test_connection.py::_TestConnection::test_no_server_host_keys - a... ERROR tests/test_connection.py::_TestConnection::test_packet_decode_error - a... ERROR tests/test_connection.py::_TestConnection::test_read_known_hosts - asyn... ERROR tests/test_connection.py::_TestConnection::test_read_known_hosts_filelist ERROR tests/test_connection.py::_TestConnection::test_rekey_bytes - asyncssh.... ERROR tests/test_connection.py::_TestConnection::test_rekey_bytes_string - as... ERROR tests/test_connection.py::_TestConnection::test_rekey_seconds - asyncss... ERROR tests/test_connection.py::_TestConnection::test_rekey_seconds_string - ... ERROR tests/test_connection.py::_TestConnection::test_rekey_time_disabled - a... ERROR tests/test_connection.py::_TestConnection::test_removing_encryption_alg ERROR tests/test_connection.py::_TestConnection::test_reserved_server_host_keys ERROR tests/test_connection.py::_TestConnection::test_revoked_known_hosts_ca ERROR tests/test_connection.py::_TestConnection::test_revoked_known_hosts_key ERROR tests/test_connection.py::_TestConnection::test_run_client - asyncssh.p... ERROR tests/test_connection.py::_TestConnection::test_server_ext_info - async... ERROR tests/test_connection.py::_TestConnection::test_service_accept_before_kex_complete ERROR tests/test_connection.py::_TestConnection::test_service_accept_from_client ERROR tests/test_connection.py::_TestConnection::test_service_request_before_kex_complete ERROR tests/test_connection.py::_TestConnection::test_service_request_from_server ERROR tests/test_connection.py::_TestConnection::test_split_version - asyncss... ERROR tests/test_connection.py::_TestConnection::test_too_many_banner_lines ERROR tests/test_connection.py::_TestConnection::test_trailing_encryption_alg ERROR tests/test_connection.py::_TestConnection::test_unexpected_global_response ERROR tests/test_connection.py::_TestConnection::test_unexpected_service_name_in_accept ERROR tests/test_connection.py::_TestConnection::test_unexpected_service_name_in_request ERROR tests/test_connection.py::_TestConnection::test_unexpected_userauth_banner ERROR tests/test_connection.py::_TestConnection::test_unexpected_userauth_failure ERROR tests/test_connection.py::_TestConnection::test_unexpected_userauth_success ERROR tests/test_connection.py::_TestConnection::test_unknown_channel_type - ... ERROR tests/test_connection.py::_TestConnection::test_unknown_ext_info - asyn... ERROR tests/test_connection.py::_TestConnection::test_unknown_message_during_kex_strict_kex ERROR tests/test_connection.py::_TestConnection::test_unknown_packet - asyncs... ERROR tests/test_connection.py::_TestConnection::test_unknown_version - async... ERROR tests/test_connection.py::_TestConnection::test_unsupported_kex_alg - a... ERROR tests/test_connection.py::_TestConnection::test_untrusted_host_ca_callback ERROR tests/test_connection.py::_TestConnection::test_untrusted_host_key_callback ERROR tests/test_connection.py::_TestConnection::test_untrusted_known_hosts_ca ERROR tests/test_connection.py::_TestConnection::test_userauth_after_auth_complete ERROR tests/test_connection.py::_TestConnection::test_userauth_before_kex_complete ERROR tests/test_connection.py::_TestConnection::test_username_too_long - asy... ERROR tests/test_connection.py::_TestConnection::test_validate_host_ca_callback ERROR tests/test_connection.py::_TestConnection::test_version_1_99 - asyncssh... ERROR tests/test_connection.py::_TestConnection::test_version_line_too_long ERROR tests/test_connection.py::_TestConnection::test_version_without_cr - as... ERROR tests/test_connection.py::_TestConnectionNoStrictKex::test_message_before_kexinit ERROR tests/test_connection.py::_TestConnectionNoStrictKex::test_message_during_kex ERROR tests/test_connection.py::_TestConnectionNoStrictKex::test_sequence_wrap_during_kex ERROR tests/test_connection.py::_TestConnectionNoStrictKex::test_skip_ext_info ERROR tests/test_connection.py::_TestConnectionHostKeysHandler::test_host_key_added ERROR tests/test_connection.py::_TestConnectionHostKeysHandler::test_host_key_bad_signature ERROR tests/test_connection.py::_TestConnectionHostKeysHandler::test_host_key_handler_disabled ERROR tests/test_connection.py::_TestConnectionHostKeysHandler::test_host_key_prove_failed ERROR tests/test_connection.py::_TestConnectionHostKeysHandler::test_host_key_removed ERROR tests/test_connection.py::_TestConnectionHostKeysHandler::test_host_key_revoked ERROR tests/test_connection.py::_TestConnectionHostKeysHandler::test_no_trusted_hosts ERROR tests/test_connection.py::_TestConnectionListenSock::test_connect - asy... ERROR tests/test_connection.py::_TestConnectionAsyncAcceptor::test_connect - ... ERROR tests/test_connection.py::_TestConnectionServerCerts::test_connect - as... ERROR tests/test_connection.py::_TestConnectionReverse::test_connect_reverse ERROR tests/test_connection.py::_TestConnectionReverse::test_connect_reverse_no_server_host_keys ERROR tests/test_connection.py::_TestConnectionReverse::test_connect_reverse_options ERROR tests/test_connection.py::_TestConnectionReverse::test_connect_reverse_proxy ERROR tests/test_connection.py::_TestConnectionReverse::test_connect_reverse_sock ERROR tests/test_connection.py::_TestConnectionReverse::test_run_server - asy... ERROR tests/test_connection.py::_TestConnectionReverseAsyncAcceptor::test_connect_reverse_async_acceptor ERROR tests/test_connection.py::_TestConnectionReverseFailed::test_connect_failed ERROR tests/test_connection.py::_TestConnectionKeepalive::test_server_keepalive ERROR tests/test_connection.py::_TestConnectionKeepalive::test_server_keepalive_failure ERROR tests/test_connection.py::_TestConnectionAbort::test_abort - asyncssh.p... ERROR tests/test_connection.py::_TestDuringAuth::test_close_during_auth - asy... ERROR tests/test_connection.py::_TestDuringAuth::test_request_during_auth - a... ERROR tests/test_connection.py::_TestServerX509Self::test_connect_x509_disabled ERROR tests/test_connection.py::_TestServerX509Self::test_connect_x509_revoked_self ERROR tests/test_connection.py::_TestServerX509Self::test_connect_x509_revoked_subject ERROR tests/test_connection.py::_TestServerX509Self::test_connect_x509_self ERROR tests/test_connection.py::_TestServerX509Self::test_connect_x509_trusted_subject ERROR tests/test_connection.py::_TestServerX509Self::test_connect_x509_untrusted_self ERROR tests/test_connection.py::_TestServerX509Self::test_connect_x509_untrusted_subject ERROR tests/test_connection.py::_TestServerX509Self::test_trusted_x509_certs_not_readable ERROR tests/test_connection.py::_TestServerX509Chain::test_connect_x509_chain ERROR tests/test_connection.py::_TestServerX509Chain::test_connect_x509_chain_cert_path ERROR tests/test_connection.py::_TestServerX509Chain::test_connect_x509_openssh_known_hosts_revoked ERROR tests/test_connection.py::_TestServerX509Chain::test_connect_x509_openssh_known_hosts_trusted ERROR tests/test_connection.py::_TestServerX509Chain::test_connect_x509_openssh_x509_trusted ERROR tests/test_connection.py::_TestServerX509Chain::test_connect_x509_revoked_intermediate ERROR tests/test_connection.py::_TestServerX509Chain::test_connect_x509_untrusted_root ERROR tests/test_connection.py::_TestServerX509Chain::test_connect_x509_untrusted_root_cert_path ERROR tests/test_connection.py::_TestServerX509Chain::test_invalid_x509_path ERROR tests/test_connection.py::_TestServerNoHostKey::test_dh_with_no_host_key ERROR tests/test_connection.py::_TestServerNoHostKey::test_gss_with_no_host_key ERROR tests/test_connection.py::_TestServerWithoutCert::test_default_server_host_keys ERROR tests/test_connection.py::_TestServerWithoutCert::test_known_hosts_none_with_key ERROR tests/test_connection.py::_TestServerWithoutCert::test_untrusted_known_hosts_key ERROR tests/test_connection.py::_TestServerWithoutCert::test_validate_host_key_callback ERROR tests/test_connection.py::_TestServerWithoutCert::test_validate_host_key_callback_with_algs ERROR tests/test_connection.py::_TestHostKeyAlias::test_host_cert_match - asy... ERROR tests/test_connection.py::_TestHostKeyAlias::test_host_cert_match_config ERROR tests/test_connection.py::_TestHostKeyAlias::test_host_key_match - asyn... ERROR tests/test_connection.py::_TestHostKeyAlias::test_host_key_match_config ERROR tests/test_connection.py::_TestHostKeyAlias::test_host_key_mismatch - a... ERROR tests/test_connection.py::_TestHostKeyAlias::test_host_key_unknown - as... ERROR tests/test_connection.py::_TestServerInternalError::test_server_internal_error ERROR tests/test_connection.py::_TestInvalidAuthBanner::test_invalid_auth_banner ERROR tests/test_connection.py::_TestExpiredServerHostCertificate::test_expired_server_host_cert ERROR tests/test_connection.py::_TestExpiredServerHostCertificate::test_known_hosts_none_with_expired_cert ERROR tests/test_connection.py::_TestCustomClientVersion::test_custom_client_version ERROR tests/test_connection.py::_TestCustomClientVersion::test_custom_client_version_bytes ERROR tests/test_connection.py::_TestCustomClientVersion::test_long_client_version ERROR tests/test_connection.py::_TestCustomClientVersion::test_nonprintable_client_version ERROR tests/test_connection.py::_TestCustomServerVersion::test_custom_server_version ERROR tests/test_connection.py::_TestCustomServerVersion::test_long_server_version ERROR tests/test_connection.py::_TestCustomServerVersion::test_nonprintable_server_version ERROR tests/test_connection.py::_TestReverseDNS::test_reverse_dns - asyncssh.... ERROR tests/test_connection.py::_TestListenerContextManager::test_ssh_listen_context_manager ERROR tests/test_connection_auth.py::_TestNullAuth::test_disabled_auth - asyn... ERROR tests/test_connection_auth.py::_TestNullAuth::test_disabled_trivial_auth ERROR tests/test_connection_auth.py::_TestNullAuth::test_get_server_auth_methods ERROR tests/test_connection_auth.py::_TestGSSAuth::test_disabled_trivial_gss_kex_auth ERROR tests/test_connection_auth.py::_TestGSSAuth::test_disabled_trivial_gss_mic_auth ERROR tests/test_connection_auth.py::_TestGSSAuth::test_get_server_auth_methods ERROR tests/test_connection_auth.py::_TestGSSAuth::test_gss_auth_disabled - a... ERROR tests/test_connection_auth.py::_TestGSSAuth::test_gss_auth_unavailable ERROR tests/test_connection_auth.py::_TestGSSAuth::test_gss_client_error - as... ERROR tests/test_connection_auth.py::_TestGSSAuth::test_gss_delegate - asyncs... ERROR tests/test_connection_auth.py::_TestGSSAuth::test_gss_kex_auth - asyncs... ERROR tests/test_connection_auth.py::_TestGSSAuth::test_gss_kex_disabled - as... ERROR tests/test_connection_auth.py::_TestGSSAuth::test_gss_mic_auth - asyncs... ERROR tests/test_connection_auth.py::_TestGSSAuth::test_gss_mic_auth_sign_error ERROR tests/test_connection_auth.py::_TestGSSAuth::test_gss_mic_auth_store - ... ERROR tests/test_connection_auth.py::_TestGSSAuth::test_gss_mic_auth_verify_error ERROR tests/test_connection_auth.py::_TestGSSServerAuthDisabled::test_gss_auth_unavailable ERROR tests/test_connection_auth.py::_TestGSSServerAuthDisabled::test_gss_kex_unavailable ERROR tests/test_connection_auth.py::_TestGSSServerError::test_gss_server_error ERROR tests/test_connection_auth.py::_TestGSSFQDN::test_gss_fqdn_lookup - asy... ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_client_host_auth ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_client_host_auth_disabled ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_client_host_key_bytes ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_client_host_key_keypairs ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_client_host_key_sshkey ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_client_host_signature_algs ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_client_host_trailing_dot ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_disabled_trivial_client_host_auth ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_expired_cert - ... ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_get_server_auth_methods ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_get_server_auth_methods_no_sockname ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_invalid_client_host_signature ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_invalid_client_username ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_mismatched_client_host ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_mismatched_client_username ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_missing_cert - ... ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_no_server_signature_algs ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_untrusted_ca - ... ERROR tests/test_connection_auth.py::_TestHostBasedAuth::test_untrusted_client_host_key ERROR tests/test_connection_auth.py::_TestHostBasedAuthNoRDNS::test_client_host_auth_no_rdns ERROR tests/test_connection_auth.py::_TestCallbackHostBasedAuth::test_untrusted_client_host_ca_callback ERROR tests/test_connection_auth.py::_TestCallbackHostBasedAuth::test_untrusted_client_host_callback ERROR tests/test_connection_auth.py::_TestCallbackHostBasedAuth::test_validate_client_host_ca_callback ERROR tests/test_connection_auth.py::_TestCallbackHostBasedAuth::test_validate_client_host_callback ERROR tests/test_connection_auth.py::_TestKeysignHostBasedAuth::test_explciit_keysign ERROR tests/test_connection_auth.py::_TestKeysignHostBasedAuth::test_explicit_keysign_not_found ERROR tests/test_connection_auth.py::_TestKeysignHostBasedAuth::test_invalid_keysign_response ERROR tests/test_connection_auth.py::_TestKeysignHostBasedAuth::test_invalid_keysign_version ERROR tests/test_connection_auth.py::_TestKeysignHostBasedAuth::test_keysign ERROR tests/test_connection_auth.py::_TestKeysignHostBasedAuth::test_keysign_dir_not_present ERROR tests/test_connection_auth.py::_TestKeysignHostBasedAuth::test_keysign_error ERROR tests/test_connection_auth.py::_TestKeysignHostBasedAuth::test_keysign_explicit_host_keys ERROR tests/test_connection_auth.py::_TestKeysignHostBasedAuth::test_keysign_not_found ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_client_host_auth ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_client_host_auth_disabled ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_client_host_key_bytes ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_client_host_key_keypairs ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_client_host_key_sshkey ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_client_host_signature_algs ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_client_host_trailing_dot ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_disabled_trivial_client_host_auth ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_expired_cert ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_get_server_auth_methods ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_get_server_auth_methods_no_sockname ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_invalid_client_host_signature ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_invalid_client_username ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_mismatched_client_host ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_mismatched_client_username ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_missing_cert ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_no_server_signature_algs ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_untrusted_ca ERROR tests/test_connection_auth.py::_TestHostBasedAsyncServerAuth::test_untrusted_client_host_key ERROR tests/test_connection_auth.py::_TestLimitedHostBasedSignatureAlgs::test_host_signature_alg_fallback ERROR tests/test_connection_auth.py::_TestLimitedHostBasedSignatureAlgs::test_mismatched_host_signature_algs ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_agent_auth - as... ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_agent_auth_failure ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_agent_auth_unset ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_agent_identities ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_agent_identities_config ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_agent_identities_config_default_keys ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_agent_keypair_with_replaced_cert ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_agent_signature_algs ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_allowed_address ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_callback - asyn... ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_callback_sshkeypair ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_callback_untrusted_client_key ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_client_certs - ... ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_client_key_agent_keypairs ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_client_key_bytes ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_client_key_keypairs ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_client_key_sshkey ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_default_public_key_auth ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_disabled_trivial_public_key_auth ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_disallowed_address ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_encrypted_client_key ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_encrypted_client_key_awaitable ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_encrypted_client_key_bad_passphrase ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_encrypted_client_key_callable ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_encrypted_client_key_list_awaitable ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_encrypted_client_key_list_callable ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_encrypted_client_key_missing_passphrase ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_expired_cert - ... ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_get_server_auth_methods ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_invalid_default_key ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_keypair_with_replaced_cert ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_mismatched_ca ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_missing_cert - ... ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_no_server_signature_algs ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_public_key_auth ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_public_key_auth_disabled ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_public_key_auth_not_preferred ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_public_key_signature_algs ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_unknown_auth - ... ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_untrusted_ca - ... ERROR tests/test_connection_auth.py::_TestPublicKeyAuth::test_untrusted_client_key ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_agent_auth ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_agent_auth_failure ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_agent_auth_unset ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_agent_identities ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_agent_identities_config ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_agent_identities_config_default_keys ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_agent_keypair_with_replaced_cert ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_agent_signature_algs ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_allowed_address ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_callback ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_callback_sshkeypair ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_callback_untrusted_client_key ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_client_certs ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_client_key_agent_keypairs ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_client_key_bytes ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_client_key_keypairs ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_client_key_sshkey ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_default_public_key_auth ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_disabled_trivial_public_key_auth ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_disallowed_address ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_encrypted_client_key ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_encrypted_client_key_awaitable ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_encrypted_client_key_bad_passphrase ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_encrypted_client_key_callable ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_encrypted_client_key_list_awaitable ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_encrypted_client_key_list_callable ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_encrypted_client_key_missing_passphrase ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_expired_cert ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_get_server_auth_methods ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_invalid_default_key ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_keypair_with_replaced_cert ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_mismatched_ca ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_missing_cert ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_no_server_signature_algs ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_public_key_auth ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_public_key_auth_disabled ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_public_key_auth_not_preferred ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_public_key_signature_algs ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_unknown_auth ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_untrusted_ca ERROR tests/test_connection_auth.py::_TestPublicKeyAsyncServerAuth::test_untrusted_client_key ERROR tests/test_connection_auth.py::_TestLimitedPublicKeySignatureAlgs::test_mismatched_client_signature_algs ERROR tests/test_connection_auth.py::_TestSetAuthorizedKeys::test_cert_principals ERROR tests/test_connection_auth.py::_TestSetAuthorizedKeys::test_set_authorized_keys ERROR tests/test_connection_auth.py::_TestPreloadedAuthorizedKeys::test_pre_loaded_authorized_keys ERROR tests/test_connection_auth.py::_TestPreloadedAuthorizedKeysFileList::test_pre_loaded_authorized_keys ERROR tests/test_connection_auth.py::_TestX509Auth::test_agent_keypair_with_x509_cert ERROR tests/test_connection_auth.py::_TestX509Auth::test_disabled_trivial_x509_auth ERROR tests/test_connection_auth.py::_TestX509Auth::test_keypair_with_x509_cert ERROR tests/test_connection_auth.py::_TestX509Auth::test_x509_chain - asyncss... ERROR tests/test_connection_auth.py::_TestX509Auth::test_x509_incomplete_chain ERROR tests/test_connection_auth.py::_TestX509Auth::test_x509_self - asyncssh... ERROR tests/test_connection_auth.py::_TestX509Auth::test_x509_untrusted_cert ERROR tests/test_connection_auth.py::_TestX509AuthDisabled::test_failed_x509_auth ERROR tests/test_connection_auth.py::_TestX509AuthDisabled::test_non_x509 - a... ERROR tests/test_connection_auth.py::_TestX509Subject::test_x509_subject - as... ERROR tests/test_connection_auth.py::_TestX509Untrusted::test_x509_untrusted ERROR tests/test_connection_auth.py::_TestX509Disabled::test_x509_disabled - ... ERROR tests/test_connection_auth.py::_TestPasswordAuth::test_disabled_trivial_password_auth ERROR tests/test_connection_auth.py::_TestPasswordAuth::test_disabled_trivial_password_change ERROR tests/test_connection_auth.py::_TestPasswordAuth::test_get_server_auth_methods ERROR tests/test_connection_auth.py::_TestPasswordAuth::test_password_auth - ... ERROR tests/test_connection_auth.py::_TestPasswordAuth::test_password_auth_async_callable ERROR tests/test_connection_auth.py::_TestPasswordAuth::test_password_auth_awaitable ERROR tests/test_connection_auth.py::_TestPasswordAuth::test_password_auth_callable ERROR tests/test_connection_auth.py::_TestPasswordAuth::test_password_auth_callback ERROR tests/test_connection_auth.py::_TestPasswordAuth::test_password_auth_callback_failure ERROR tests/test_connection_auth.py::_TestPasswordAuth::test_password_auth_disabled ERROR tests/test_connection_auth.py::_TestPasswordAuth::test_password_auth_failure ERROR tests/test_connection_auth.py::_TestPasswordAuth::test_password_change ERROR tests/test_connection_auth.py::_TestPasswordAuth::test_password_change_failure ERROR tests/test_connection_auth.py::_TestPasswordAsyncServerAuth::test_disabled_trivial_password_auth ERROR tests/test_connection_auth.py::_TestPasswordAsyncServerAuth::test_disabled_trivial_password_change ERROR tests/test_connection_auth.py::_TestPasswordAsyncServerAuth::test_get_server_auth_methods ERROR tests/test_connection_auth.py::_TestPasswordAsyncServerAuth::test_password_auth ERROR tests/test_connection_auth.py::_TestPasswordAsyncServerAuth::test_password_auth_async_callable ERROR tests/test_connection_auth.py::_TestPasswordAsyncServerAuth::test_password_auth_awaitable ERROR tests/test_connection_auth.py::_TestPasswordAsyncServerAuth::test_password_auth_callable ERROR tests/test_connection_auth.py::_TestPasswordAsyncServerAuth::test_password_auth_callback ERROR tests/test_connection_auth.py::_TestPasswordAsyncServerAuth::test_password_auth_callback_failure ERROR tests/test_connection_auth.py::_TestPasswordAsyncServerAuth::test_password_auth_disabled ERROR tests/test_connection_auth.py::_TestPasswordAsyncServerAuth::test_password_auth_failure ERROR tests/test_connection_auth.py::_TestPasswordAsyncServerAuth::test_password_change ERROR tests/test_connection_auth.py::_TestPasswordAsyncServerAuth::test_password_change_failure ERROR tests/test_connection_auth.py::_TestKbdintAuth::test_disabled_trivial_kbdint_auth ERROR tests/test_connection_auth.py::_TestKbdintAuth::test_disabled_trivial_kbdint_no_prompts ERROR tests/test_connection_auth.py::_TestKbdintAuth::test_get_server_auth_methods ERROR tests/test_connection_auth.py::_TestKbdintAuth::test_kbdint_auth_callback ERROR tests/test_connection_auth.py::_TestKbdintAuth::test_kbdint_auth_callback_failure ERROR tests/test_connection_auth.py::_TestKbdintAuth::test_kbdint_auth_callback_multi ERROR tests/test_connection_auth.py::_TestKbdintAuth::test_kbdint_auth_disabled ERROR tests/test_connection_auth.py::_TestKbdintAuth::test_kbdint_auth_failure ERROR tests/test_connection_auth.py::_TestKbdintAuth::test_kbdint_auth_multi_not_password ERROR tests/test_connection_auth.py::_TestKbdintAuth::test_kbdint_auth_no_prompts ERROR tests/test_connection_auth.py::_TestKbdintAuth::test_kbdint_auth_not_password ERROR tests/test_connection_auth.py::_TestKbdintAuth::test_kbdint_auth_passcode ERROR tests/test_connection_auth.py::_TestKbdintAuth::test_kbdint_auth_password ERROR tests/test_connection_auth.py::_TestKbdintAsyncServerAuth::test_disabled_trivial_kbdint_auth ERROR tests/test_connection_auth.py::_TestKbdintAsyncServerAuth::test_disabled_trivial_kbdint_no_prompts ERROR tests/test_connection_auth.py::_TestKbdintAsyncServerAuth::test_get_server_auth_methods ERROR tests/test_connection_auth.py::_TestKbdintAsyncServerAuth::test_kbdint_auth_callback ERROR tests/test_connection_auth.py::_TestKbdintAsyncServerAuth::test_kbdint_auth_callback_failure ERROR tests/test_connection_auth.py::_TestKbdintAsyncServerAuth::test_kbdint_auth_callback_multi ERROR tests/test_connection_auth.py::_TestKbdintAsyncServerAuth::test_kbdint_auth_disabled ERROR tests/test_connection_auth.py::_TestKbdintAsyncServerAuth::test_kbdint_auth_failure ERROR tests/test_connection_auth.py::_TestKbdintAsyncServerAuth::test_kbdint_auth_multi_not_password ERROR tests/test_connection_auth.py::_TestKbdintAsyncServerAuth::test_kbdint_auth_no_prompts ERROR tests/test_connection_auth.py::_TestKbdintAsyncServerAuth::test_kbdint_auth_not_password ERROR tests/test_connection_auth.py::_TestKbdintAsyncServerAuth::test_kbdint_auth_passcode ERROR tests/test_connection_auth.py::_TestKbdintAsyncServerAuth::test_kbdint_auth_password ERROR tests/test_connection_auth.py::_TestKbdintPasswordServerAuth::test_kbdint_password_auth ERROR tests/test_connection_auth.py::_TestKbdintPasswordServerAuth::test_kbdint_password_auth_multiple_responses ERROR tests/test_connection_auth.py::_TestKbdintPasswordServerAuth::test_kbdint_password_change ERROR tests/test_connection_auth.py::_TestClientLoginTimeout::test_client_login_timeout_exceeded ERROR tests/test_connection_auth.py::_TestClientLoginTimeout::test_client_login_timeout_exceeded_string ERROR tests/test_connection_auth.py::_TestClientLoginTimeout::test_invalid_client_login_timeout ERROR tests/test_connection_auth.py::_TestServerLoginTimeoutExceeded::test_server_login_timeout_exceeded ERROR tests/test_connection_auth.py::_TestServerLoginTimeoutDisabled::test_server_login_timeout_disabled ERROR tests/test_editor.py::_TestEditor::test_change_width - asyncssh.public_... ERROR tests/test_editor.py::_TestEditor::test_change_width_non_wrap - asyncss... ERROR tests/test_editor.py::_TestEditor::test_editor - asyncssh.public_key.Ke... ERROR tests/test_editor.py::_TestEditor::test_editor_clear_input - asyncssh.p... ERROR tests/test_editor.py::_TestEditor::test_editor_echo_off - asyncssh.publ... ERROR tests/test_editor.py::_TestEditor::test_editor_echo_on - asyncssh.publi... ERROR tests/test_editor.py::_TestEditor::test_editor_line_mode_off - asyncssh... ERROR tests/test_editor.py::_TestEditor::test_no_terminal - asyncssh.public_k... ERROR tests/test_editor.py::_TestEditor::test_non_wrap - asyncssh.public_key.... ERROR tests/test_editor.py::_TestEditor::test_unknown_signal - asyncssh.publi... ERROR tests/test_editor.py::_TestEditorDisabled::test_editor_disabled - async... ERROR tests/test_editor.py::_TestEditorEncodingNone::test_change_width - asyn... ERROR tests/test_editor.py::_TestEditorEncodingNone::test_editor_disabled_encoding_none ERROR tests/test_editor.py::_TestEditorUnlimitedLength::test_editor_unlimited_length ERROR tests/test_editor.py::_TestEditorANSI::test_editor_ansi - asyncssh.publ... ERROR tests/test_editor.py::_TestEditorOutputWrap::test_editor_output_wrap - ... ERROR tests/test_editor.py::_TestEditorSoftEOF::test_editor_soft_eof - asyncs... ERROR tests/test_editor.py::_TestEditorRegisterKey::test_editor_register_key ERROR tests/test_editor.py::_TestEditorRegisterKey::test_editor_signal - asyn... ERROR tests/test_editor.py::_TestEditorLineEcho::test_editor_line_echo - asyn... ERROR tests/test_forward.py::_TestTCPForwarding::test_add_channel_after_close ERROR tests/test_forward.py::_TestTCPForwarding::test_async_runtime_error - a... ERROR tests/test_forward.py::_TestTCPForwarding::test_cancel_forward_remote_port_invalid_unicode ERROR tests/test_forward.py::_TestTCPForwarding::test_connection - asyncssh.p... ERROR tests/test_forward.py::_TestTCPForwarding::test_connection_failure - as... ERROR tests/test_forward.py::_TestTCPForwarding::test_connection_invalid_unicode ERROR tests/test_forward.py::_TestTCPForwarding::test_connection_not_permitted ERROR tests/test_forward.py::_TestTCPForwarding::test_connection_not_permitted_open ERROR tests/test_forward.py::_TestTCPForwarding::test_connection_rejected - a... ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_bind_error_ipv4 ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_bind_error_ipv6 ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_connect_error ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_immediate_eof ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_local_path_to_port ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_local_path_to_port_failure ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_local_port - as... ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_local_port_accept_handler ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_local_port_accept_handler_denial ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_local_port_failure ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_local_port_pause ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_port_to_path_bind_error ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_remote_port - a... ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_remote_port_failure ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_remote_port_invalid_unicode ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_remote_port_not_permitted ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_remote_port_to_path ERROR tests/test_forward.py::_TestTCPForwarding::test_forward_remote_specific_port ERROR tests/test_forward.py::_TestTCPForwarding::test_listener_close_on_conn_close ERROR tests/test_forward.py::_TestTCPForwarding::test_multiple_global_requests ERROR tests/test_forward.py::_TestTCPForwarding::test_proxy_jump - asyncssh.p... ERROR tests/test_forward.py::_TestTCPForwarding::test_proxy_jump_encrypted_key ERROR tests/test_forward.py::_TestTCPForwarding::test_proxy_jump_encrypted_key_missing_passphrase ERROR tests/test_forward.py::_TestTCPForwarding::test_proxy_jump_multiple - a... ERROR tests/test_forward.py::_TestTCPForwarding::test_server - asyncssh.publi... ERROR tests/test_forward.py::_TestTCPForwarding::test_server_context_manager ERROR tests/test_forward.py::_TestTCPForwarding::test_server_failure - asyncs... ERROR tests/test_forward.py::_TestTCPForwarding::test_server_non_async - asyn... ERROR tests/test_forward.py::_TestTCPForwarding::test_server_open - asyncssh.... ERROR tests/test_forward.py::_TestTCPForwarding::test_ssh_connect_reverse_tunnel ERROR tests/test_forward.py::_TestTCPForwarding::test_ssh_connect_tunnel - as... ERROR tests/test_forward.py::_TestTCPForwarding::test_ssh_connect_tunnel_string ERROR tests/test_forward.py::_TestTCPForwarding::test_ssh_connect_tunnel_string_failed ERROR tests/test_forward.py::_TestTCPForwarding::test_ssh_create_tunnel - asy... ERROR tests/test_forward.py::_TestTCPForwarding::test_ssh_listen_reverse_tunnel ERROR tests/test_forward.py::_TestTCPForwarding::test_ssh_listen_tunnel - asy... ERROR tests/test_forward.py::_TestTCPForwarding::test_ssh_listen_tunnel_default_port ERROR tests/test_forward.py::_TestTCPForwarding::test_ssh_listen_tunnel_string ERROR tests/test_forward.py::_TestTCPForwarding::test_ssh_listen_tunnel_string_failed ERROR tests/test_forward.py::_TestTCPForwardingAcceptHandler::test_forward_remote_port_accept_handler ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_add_channel_after_close ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_async_runtime_error ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_cancel_forward_remote_port_invalid_unicode ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_connection - async... ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_connection_failure ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_connection_invalid_unicode ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_connection_not_permitted ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_connection_not_permitted_open ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_connection_rejected ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_bind_error_ipv4 ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_bind_error_ipv6 ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_connect_error ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_immediate_eof ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_local_path_to_port ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_local_path_to_port_failure ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_local_port ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_local_port_accept_handler ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_local_port_accept_handler_denial ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_local_port_failure ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_local_port_pause ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_port_to_path_bind_error ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_remote_port ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_remote_port_failure ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_remote_port_invalid_unicode ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_remote_port_not_permitted ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_remote_port_to_path ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_forward_remote_specific_port ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_listener_close_on_conn_close ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_multiple_global_requests ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_proxy_jump - async... ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_proxy_jump_encrypted_key ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_proxy_jump_encrypted_key_missing_passphrase ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_proxy_jump_multiple ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_server - asyncssh.... ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_server_context_manager ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_server_failure - a... ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_server_non_async ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_server_open - asyn... ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_ssh_connect_reverse_tunnel ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_ssh_connect_tunnel ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_ssh_connect_tunnel_string ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_ssh_connect_tunnel_string_failed ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_ssh_create_tunnel ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_ssh_listen_reverse_tunnel ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_ssh_listen_tunnel ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_ssh_listen_tunnel_default_port ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_ssh_listen_tunnel_string ERROR tests/test_forward.py::_TestAsyncTCPForwarding::test_ssh_listen_tunnel_string_failed ERROR tests/test_forward.py::_TestUNIXForwarding::test_cancel_forward_remote_path_invalid_unicode ERROR tests/test_forward.py::_TestUNIXForwarding::test_forward_local_path - a... ERROR tests/test_forward.py::_TestUNIXForwarding::test_forward_local_port_to_path ERROR tests/test_forward.py::_TestUNIXForwarding::test_forward_local_port_to_path_accept_handler ERROR tests/test_forward.py::_TestUNIXForwarding::test_forward_local_port_to_path_accept_handler_denial ERROR tests/test_forward.py::_TestUNIXForwarding::test_forward_remote_path - ... ERROR tests/test_forward.py::_TestUNIXForwarding::test_forward_remote_path_failure ERROR tests/test_forward.py::_TestUNIXForwarding::test_forward_remote_path_invalid_unicode ERROR tests/test_forward.py::_TestUNIXForwarding::test_forward_remote_path_not_permitted ERROR tests/test_forward.py::_TestUNIXForwarding::test_forward_remote_path_to_port ERROR tests/test_forward.py::_TestUNIXForwarding::test_forward_specific_local_port_to_path ERROR tests/test_forward.py::_TestUNIXForwarding::test_unix_connection - asyn... ERROR tests/test_forward.py::_TestUNIXForwarding::test_unix_connection_failure ERROR tests/test_forward.py::_TestUNIXForwarding::test_unix_connection_invalid_unicode ERROR tests/test_forward.py::_TestUNIXForwarding::test_unix_connection_not_permitted ERROR tests/test_forward.py::_TestUNIXForwarding::test_unix_connection_rejected ERROR tests/test_forward.py::_TestUNIXForwarding::test_unix_server - asyncssh... ERROR tests/test_forward.py::_TestUNIXForwarding::test_unix_server_failure - ... ERROR tests/test_forward.py::_TestUNIXForwarding::test_unix_server_non_async ERROR tests/test_forward.py::_TestUNIXForwarding::test_unix_server_open - asy... ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_cancel_forward_remote_path_invalid_unicode ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_forward_local_path ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_forward_local_port_to_path ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_forward_local_port_to_path_accept_handler ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_forward_local_port_to_path_accept_handler_denial ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_forward_remote_path ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_forward_remote_path_failure ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_forward_remote_path_invalid_unicode ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_forward_remote_path_not_permitted ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_forward_remote_path_to_port ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_forward_specific_local_port_to_path ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_unix_connection ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_unix_connection_failure ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_unix_connection_invalid_unicode ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_unix_connection_not_permitted ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_unix_connection_rejected ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_unix_server - asy... ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_unix_server_failure ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_unix_server_non_async ERROR tests/test_forward.py::_TestAsyncUNIXForwarding::test_unix_server_open ERROR tests/test_forward.py::_TestSOCKSForwarding::test_forward_bind_error_socks ERROR tests/test_forward.py::_TestSOCKSForwarding::test_forward_socks - async... ERROR tests/test_forward.py::_TestSOCKSForwarding::test_forward_socks_specific_port ERROR tests/test_logging.py::_TestLogging::test_channel_log - asyncssh.public... ERROR tests/test_logging.py::_TestLogging::test_connection_log - asyncssh.pub... ERROR tests/test_logging.py::_TestLogging::test_debug_levels - asyncssh.publi... ERROR tests/test_logging.py::_TestLogging::test_invalid_debug_level - asyncss... ERROR tests/test_logging.py::_TestLogging::test_logging - asyncssh.public_key... ERROR tests/test_logging.py::_TestLogging::test_packet_logging - asyncssh.pub... ERROR tests/test_logging.py::_TestLogging::test_process_log - asyncssh.public... ERROR tests/test_logging.py::_TestLogging::test_sftp_log - asyncssh.public_ke... ERROR tests/test_logging.py::_TestLogging::test_stream_log - asyncssh.public_... ERROR tests/test_pkcs11.py::_TestPKCS11TokenNotFound::test_key_not_found - as... ERROR tests/test_pkcs11.py::_TestPKCS11Auth::test_load_keys - asyncssh.public... ERROR tests/test_pkcs11.py::_TestPKCS11Auth::test_load_keys_without_certs - a... ERROR tests/test_pkcs11.py::_TestPKCS11Auth::test_match_key_id - asyncssh.pub... ERROR tests/test_pkcs11.py::_TestPKCS11Auth::test_match_key_id_bytes - asyncs... ERROR tests/test_pkcs11.py::_TestPKCS11Auth::test_match_key_label - asyncssh.... ERROR tests/test_pkcs11.py::_TestPKCS11Auth::test_match_token_label - asyncss... ERROR tests/test_pkcs11.py::_TestPKCS11Auth::test_match_token_serial - asyncs... ERROR tests/test_pkcs11.py::_TestPKCS11Auth::test_match_token_serial_bytes - ... ERROR tests/test_pkcs11.py::_TestPKCS11Auth::test_pkcs11_auth - asyncssh.publ... ERROR tests/test_pkcs11.py::_TestPKCS11Auth::test_pkcs11_load_keys - asyncssh... ERROR tests/test_pkcs11.py::_TestPKCS11Auth::test_pkcs11_with_replaced_cert ERROR tests/test_process.py::_TestProcessBasic::test_break - asyncssh.public_... ERROR tests/test_process.py::_TestProcessBasic::test_change_terminal_size - a... ERROR tests/test_process.py::_TestProcessBasic::test_command - asyncssh.publi... ERROR tests/test_process.py::_TestProcessBasic::test_communicate - asyncssh.p... ERROR tests/test_process.py::_TestProcessBasic::test_communicate_paused - asy... ERROR tests/test_process.py::_TestProcessBasic::test_disconnect - asyncssh.pu... ERROR tests/test_process.py::_TestProcessBasic::test_env - asyncssh.public_ke... ERROR tests/test_process.py::_TestProcessBasic::test_exit_signal - asyncssh.p... ERROR tests/test_process.py::_TestProcessBasic::test_exit_status - asyncssh.p... ERROR tests/test_process.py::_TestProcessBasic::test_get_extra_info - asyncss... ERROR tests/test_process.py::_TestProcessBasic::test_ignoring_invalid_unicode ERROR tests/test_process.py::_TestProcessBasic::test_incomplete_unicode - asy... ERROR tests/test_process.py::_TestProcessBasic::test_invalid_unicode - asyncs... ERROR tests/test_process.py::_TestProcessBasic::test_kill - asyncssh.public_k... ERROR tests/test_process.py::_TestProcessBasic::test_numeric_signal - asyncss... ERROR tests/test_process.py::_TestProcessBasic::test_old_terminal_info - asyn... ERROR tests/test_process.py::_TestProcessBasic::test_raise_on_exit_signal - a... ERROR tests/test_process.py::_TestProcessBasic::test_raise_on_exit_status - a... ERROR tests/test_process.py::_TestProcessBasic::test_raise_on_timeout - async... ERROR tests/test_process.py::_TestProcessBasic::test_shell - asyncssh.public_... ERROR tests/test_process.py::_TestProcessBasic::test_signal - asyncssh.public... ERROR tests/test_process.py::_TestProcessBasic::test_split_unicode - asyncssh... ERROR tests/test_process.py::_TestProcessBasic::test_subsystem - asyncssh.pub... ERROR tests/test_process.py::_TestProcessBasic::test_terminal_info - asyncssh... ERROR tests/test_process.py::_TestProcessBasic::test_terminate - asyncssh.pub... ERROR tests/test_process.py::_TestProcessBasic::test_unknown_action - asyncss... ERROR tests/test_process.py::_TestProcessRedirection::test_change_stdin_process ERROR tests/test_process.py::_TestProcessRedirection::test_change_stdout - as... ERROR tests/test_process.py::_TestProcessRedirection::test_change_stdout_process ERROR tests/test_process.py::_TestProcessRedirection::test_consecutive_redirect ERROR tests/test_process.py::_TestProcessRedirection::test_forward_break - as... ERROR tests/test_process.py::_TestProcessRedirection::test_forward_signal - a... ERROR tests/test_process.py::_TestProcessRedirection::test_forward_terminal_size ERROR tests/test_process.py::_TestProcessRedirection::test_forward_terminal_size_nontty ERROR tests/test_process.py::_TestProcessRedirection::test_forward_terminal_size_tty ERROR tests/test_process.py::_TestProcessRedirection::test_input - asyncssh.p... ERROR tests/test_process.py::_TestProcessRedirection::test_pause_file_reader ERROR tests/test_process.py::_TestProcessRedirection::test_pause_process_reader ERROR tests/test_process.py::_TestProcessRedirection::test_redirect_process_when_paused ERROR tests/test_process.py::_TestProcessRedirection::test_redirect_stdin_when_paused ERROR tests/test_process.py::_TestProcessRedirection::test_server_redirect_stderr ERROR tests/test_process.py::_TestProcessRedirection::test_server_redirect_stdin ERROR tests/test_process.py::_TestProcessRedirection::test_server_redirect_stdout ERROR tests/test_process.py::_TestProcessRedirection::test_stderr_stdout - as... ERROR tests/test_process.py::_TestProcessRedirection::test_stdin_binary_file ERROR tests/test_process.py::_TestProcessRedirection::test_stdin_bytesio - as... ERROR tests/test_process.py::_TestProcessRedirection::test_stdin_devnull - as... ERROR tests/test_process.py::_TestProcessRedirection::test_stdin_file - async... ERROR tests/test_process.py::_TestProcessRedirection::test_stdin_open_binary_file ERROR tests/test_process.py::_TestProcessRedirection::test_stdin_open_file - ... ERROR tests/test_process.py::_TestProcessRedirection::test_stdin_pathlib - as... ERROR tests/test_process.py::_TestProcessRedirection::test_stdin_process - as... ERROR tests/test_process.py::_TestProcessRedirection::test_stdin_stream - asy... ERROR tests/test_process.py::_TestProcessRedirection::test_stdin_stringio - a... ERROR tests/test_process.py::_TestProcessRedirection::test_stdout_binary_file ERROR tests/test_process.py::_TestProcessRedirection::test_stdout_bytesio - a... ERROR tests/test_process.py::_TestProcessRedirection::test_stdout_devnull - a... ERROR tests/test_process.py::_TestProcessRedirection::test_stdout_file - asyn... ERROR tests/test_process.py::_TestProcessRedirection::test_stdout_open_binary_file ERROR tests/test_process.py::_TestProcessRedirection::test_stdout_open_file ERROR tests/test_process.py::_TestProcessRedirection::test_stdout_open_file_keep_open ERROR tests/test_process.py::_TestProcessRedirection::test_stdout_pathlib - a... ERROR tests/test_process.py::_TestProcessRedirection::test_stdout_process - a... ERROR tests/test_process.py::_TestProcessRedirection::test_stdout_stream - as... ERROR tests/test_process.py::_TestProcessRedirection::test_stdout_stream_keep_open ERROR tests/test_process.py::_TestProcessRedirection::test_stdout_stringio - ... ERROR tests/test_process.py::_TestProcessPipes::test_stdin_binary_pipe - asyn... ERROR tests/test_process.py::_TestProcessPipes::test_stdin_pipe - asyncssh.pu... ERROR tests/test_process.py::_TestProcessPipes::test_stdin_text_pipe - asyncs... ERROR tests/test_process.py::_TestProcessPipes::test_stdout_binary_pipe - asy... ERROR tests/test_process.py::_TestProcessPipes::test_stdout_pipe - asyncssh.p... ERROR tests/test_process.py::_TestProcessPipes::test_stdout_pipe_keep_open - ... ERROR tests/test_process.py::_TestProcessPipes::test_stdout_text_pipe - async... ERROR tests/test_process.py::_TestProcessPipes::test_stdout_text_pipe_keep_open ERROR tests/test_process.py::_TestProcessSocketPair::test_change_stdin - asyn... ERROR tests/test_process.py::_TestProcessSocketPair::test_pause_socketpair_pipes ERROR tests/test_process.py::_TestProcessSocketPair::test_pause_socketpair_streams ERROR tests/test_process.py::_TestProcessSocketPair::test_stdin_socketpair - ... ERROR tests/test_process.py::_TestProcessSocketPair::test_stdout_socketpair ERROR tests/test_sftp.py::_TestSFTP::test_attrib_extension_response_v6 - asyn... ERROR tests/test_sftp.py::_TestSFTP::test_bad_response_type - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTP::test_byte_range_lock_conflict_v6 - async... ERROR tests/test_sftp.py::_TestSFTP::test_byte_range_lock_refused_v6 - asyncs... ERROR tests/test_sftp.py::_TestSFTP::test_byte_range_unlock_mismatch_v6 - asy... ERROR tests/test_sftp.py::_TestSFTP::test_cannot_delete_v6 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTP::test_chmod - asyncssh.public_key.KeyExpo... ERROR tests/test_sftp.py::_TestSFTP::test_chown - asyncssh.public_key.KeyExpo... ERROR tests/test_sftp.py::_TestSFTP::test_chown_v4 - asyncssh.public_key.KeyE... ERROR tests/test_sftp.py::_TestSFTP::test_cleanup_open_files - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTP::test_close_after_init - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTP::test_closed_file - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTP::test_copy - asyncssh.public_key.KeyExpor... ERROR tests/test_sftp.py::_TestSFTP::test_copy_directory_no_recurse - asyncss... ERROR tests/test_sftp.py::_TestSFTP::test_copy_directory_no_recurse_v6 - asyn... ERROR tests/test_sftp.py::_TestSFTP::test_copy_follow_symlinks - asyncssh.pub... ERROR tests/test_sftp.py::_TestSFTP::test_copy_invalid_name - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTP::test_copy_preserve - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTP::test_copy_preserve_link - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTP::test_copy_preserve_link_unsupported - as... ERROR tests/test_sftp.py::_TestSFTP::test_copy_progress - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTP::test_copy_recurse - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTP::test_copy_recurse_existing - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTP::test_copy_recurse_follow_symlinks - asyn... ERROR tests/test_sftp.py::_TestSFTP::test_delete_pending_v6 - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTP::test_empty_extension_response_v5 - async... ERROR tests/test_sftp.py::_TestSFTP::test_exists - asyncssh.public_key.KeyExp... ERROR tests/test_sftp.py::_TestSFTP::test_exited_session - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTP::test_extension_in_init - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTP::test_file_chown - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSFTP::test_file_chown_v4 - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTP::test_file_corrupt_v6 - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSFTP::test_file_handle_skip - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTP::test_file_lock - asyncssh.public_key.Key... ERROR tests/test_sftp.py::_TestSFTP::test_file_lock_v6 - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTP::test_file_seek - asyncssh.public_key.Key... ERROR tests/test_sftp.py::_TestSFTP::test_file_setstat - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTP::test_file_setstat_v6 - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSFTP::test_file_stat - asyncssh.public_key.Key... ERROR tests/test_sftp.py::_TestSFTP::test_file_stat_v4 - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTP::test_file_stat_v6 - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTP::test_file_statvfs - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTP::test_file_sync - asyncssh.public_key.Key... ERROR tests/test_sftp.py::_TestSFTP::test_file_truncate - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTP::test_file_utime - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSFTP::test_file_utime_v4 - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTP::test_glob - asyncssh.public_key.KeyExpor... ERROR tests/test_sftp.py::_TestSFTP::test_glob_error_handler - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTP::test_glob_error_v4 - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTP::test_glob_errors - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTP::test_immediate_client_close - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTP::test_incomplete_init_request - asyncssh.... ERROR tests/test_sftp.py::_TestSFTP::test_incomplete_message - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTP::test_incomplete_version_response - async... ERROR tests/test_sftp.py::_TestSFTP::test_invalid_access_flags_v6 - asyncssh.... ERROR tests/test_sftp.py::_TestSFTP::test_invalid_handle - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTP::test_invalid_handle_v6 - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTP::test_invalid_open56 - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTP::test_invalid_open_flags_v6 - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTP::test_invalid_open_mode - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTP::test_lexists - asyncssh.public_key.KeyEx... ERROR tests/test_sftp.py::_TestSFTP::test_link - asyncssh.public_key.KeyExpor... ERROR tests/test_sftp.py::_TestSFTP::test_link_v6 - asyncssh.public_key.KeyEx... ERROR tests/test_sftp.py::_TestSFTP::test_listdir - asyncssh.public_key.KeyEx... ERROR tests/test_sftp.py::_TestSFTP::test_listdir_error_v4 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTP::test_listdir_v4 - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSFTP::test_lock_conflict_v5 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTP::test_log_formatting - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTP::test_lsetstat - asyncssh.public_key.KeyE... ERROR tests/test_sftp.py::_TestSFTP::test_lsetstat_v4 - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTP::test_lsetstat_v6 - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTP::test_lstat - asyncssh.public_key.KeyExpo... ERROR tests/test_sftp.py::_TestSFTP::test_lstat_v4 - asyncssh.public_key.KeyE... ERROR tests/test_sftp.py::_TestSFTP::test_lstat_v6 - asyncssh.public_key.KeyE... ERROR tests/test_sftp.py::_TestSFTP::test_lstat_via_stat - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTP::test_makedirs_no_parent_perms - asyncssh... ERROR tests/test_sftp.py::_TestSFTP::test_makedirs_no_perms - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTP::test_malformed_ok_response - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTP::test_malformed_open_request - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTP::test_malformed_readlink_response - async... ERROR tests/test_sftp.py::_TestSFTP::test_malformed_realpath_response - async... ERROR tests/test_sftp.py::_TestSFTP::test_missing_request_pktid - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTP::test_mkdir - asyncssh.public_key.KeyExpo... ERROR tests/test_sftp.py::_TestSFTP::test_multiple_copy - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTP::test_multiple_copy_bytes_path - asyncssh... ERROR tests/test_sftp.py::_TestSFTP::test_multiple_copy_error_handler - async... ERROR tests/test_sftp.py::_TestSFTP::test_multiple_copy_glob - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTP::test_multiple_copy_pathlib_path - asyncs... ERROR tests/test_sftp.py::_TestSFTP::test_multiple_copy_target_not_dir - asyn... ERROR tests/test_sftp.py::_TestSFTP::test_multiple_copy_target_not_dir_v6 - a... ERROR tests/test_sftp.py::_TestSFTP::test_multiple_copy_v4 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTP::test_multiple_copy_v5 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTP::test_multiple_copy_v6 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTP::test_no_init - asyncssh.public_key.KeyEx... ERROR tests/test_sftp.py::_TestSFTP::test_no_media_v4 - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTP::test_no_space_v5 - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTP::test_non_version_response - asyncssh.pub... ERROR tests/test_sftp.py::_TestSFTP::test_nonstandard_symlink_client - asyncs... ERROR tests/test_sftp.py::_TestSFTP::test_nonstandard_version - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTP::test_open56_append_v6 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTP::test_open56_exclusive_create_existing_v6 ERROR tests/test_sftp.py::_TestSFTP::test_open56_exclusive_create_v6 - asyncs... ERROR tests/test_sftp.py::_TestSFTP::test_open56_overwrite_offset_size_v6 - a... ERROR tests/test_sftp.py::_TestSFTP::test_open56_overwrite_v6 - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTP::test_open56_truncate_v6 - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTP::test_open56_write_v6 - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSFTP::test_open_append - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTP::test_open_append_v6 - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTP::test_open_exclusive_create - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTP::test_open_exclusive_create_existing - as... ERROR tests/test_sftp.py::_TestSFTP::test_open_exclusive_create_existing_v4 ERROR tests/test_sftp.py::_TestSFTP::test_open_exclusive_create_v6 - asyncssh... ERROR tests/test_sftp.py::_TestSFTP::test_open_file_dir_v6 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTP::test_open_link_loop_v6 - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTP::test_open_overwrite - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTP::test_open_overwrite_nonexistent - asyncs... ERROR tests/test_sftp.py::_TestSFTP::test_open_overwrite_offset_size - asyncs... ERROR tests/test_sftp.py::_TestSFTP::test_open_overwrite_offset_size_v6 - asy... ERROR tests/test_sftp.py::_TestSFTP::test_open_read - asyncssh.public_key.Key... ERROR tests/test_sftp.py::_TestSFTP::test_open_read_bytes - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSFTP::test_open_read_no_blocksize - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTP::test_open_read_nonexistent - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTP::test_open_read_not_permitted - asyncssh.... ERROR tests/test_sftp.py::_TestSFTP::test_open_read_offset_size - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTP::test_open_read_out_of_order - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTP::test_open_read_parallel - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTP::test_open_truncate - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTP::test_open_truncate_v6 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTP::test_open_write - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSFTP::test_open_write_bytes - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTP::test_open_write_v6 - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTP::test_posix_rename - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTP::test_posix_rename_v6 - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSFTP::test_quota_exceeded_v5 - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTP::test_readlink - asyncssh.public_key.KeyE... ERROR tests/test_sftp.py::_TestSFTP::test_readlink_decode_error - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTP::test_readlink_v6 - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTP::test_remove - asyncssh.public_key.KeyExp... ERROR tests/test_sftp.py::_TestSFTP::test_rename - asyncssh.public_key.KeyExp... ERROR tests/test_sftp.py::_TestSFTP::test_rename_v6 - asyncssh.public_key.Key... ERROR tests/test_sftp.py::_TestSFTP::test_rmdir - asyncssh.public_key.KeyExpo... ERROR tests/test_sftp.py::_TestSFTP::test_rmdir_not_empty_v6 - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTP::test_rmtree - asyncssh.public_key.KeyExp... ERROR tests/test_sftp.py::_TestSFTP::test_rmtree_file - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTP::test_rmtree_ignore_errors - asyncssh.pub... ERROR tests/test_sftp.py::_TestSFTP::test_rmtree_non_existent - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTP::test_rmtree_onerror - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTP::test_rmtree_rmdir_failure - asyncssh.pub... ERROR tests/test_sftp.py::_TestSFTP::test_rmtree_symlink - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTP::test_rmtree_symlink_onerror - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTP::test_rmtree_unlink_failure - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTP::test_setstat - asyncssh.public_key.KeyEx... ERROR tests/test_sftp.py::_TestSFTP::test_setstat_invalid_owner_group_v6 - as... ERROR tests/test_sftp.py::_TestSFTP::test_setstat_v4 - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSFTP::test_short_ok_response - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTP::test_stat - asyncssh.public_key.KeyExpor... ERROR tests/test_sftp.py::_TestSFTP::test_statvfs - asyncssh.public_key.KeyEx... ERROR tests/test_sftp.py::_TestSFTP::test_symlink - asyncssh.public_key.KeyEx... ERROR tests/test_sftp.py::_TestSFTP::test_symlink_encode_error - asyncssh.pub... ERROR tests/test_sftp.py::_TestSFTP::test_symlink_v4 - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSFTP::test_symlink_v6 - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSFTP::test_truncate - asyncssh.public_key.KeyE... ERROR tests/test_sftp.py::_TestSFTP::test_unexpected_client_close - asyncssh.... ERROR tests/test_sftp.py::_TestSFTP::test_unexpected_ok_response - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTP::test_unexpected_server_close - asyncssh.... ERROR tests/test_sftp.py::_TestSFTP::test_unknown_extension_response - asyncs... ERROR tests/test_sftp.py::_TestSFTP::test_unknown_principal_v5 - asyncssh.pub... ERROR tests/test_sftp.py::_TestSFTP::test_unknown_request - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSFTP::test_unlink - asyncssh.public_key.KeyExp... ERROR tests/test_sftp.py::_TestSFTP::test_unrecognized_response_pktid - async... ERROR tests/test_sftp.py::_TestSFTP::test_unsupported_extensions - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTP::test_unsupported_extensions_v6 - asyncss... ERROR tests/test_sftp.py::_TestSFTP::test_unsupported_version_response - asyn... ERROR tests/test_sftp.py::_TestSFTP::test_utime - asyncssh.public_key.KeyExpo... ERROR tests/test_sftp.py::_TestSFTP::test_utime_v4 - asyncssh.public_key.KeyE... ERROR tests/test_sftp.py::_TestSFTP::test_write_close - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTP::test_write_protect_v4 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTP::test_zero_limits - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTPCallable::test_stat - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTPServerProperties::test_properties - asyncs... ERROR tests/test_sftp.py::_TestSFTPChroot::test_chroot_copy - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTPChroot::test_chroot_glob - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTPChroot::test_chroot_makedirs - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPChroot::test_chroot_makedirs_v6 - asyncssh... ERROR tests/test_sftp.py::_TestSFTPChroot::test_chroot_readlink - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPChroot::test_chroot_realpath - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPChroot::test_chroot_realpath_v6 - asyncssh... ERROR tests/test_sftp.py::_TestSFTPChroot::test_chroot_symlink - asyncssh.pub... ERROR tests/test_sftp.py::_TestSFTPChroot::test_getcwd_and_chdir - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPReadEOFWithAttrs::test_get - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTPUnknownError::test_stat_error - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPOpenError::test_open_error_v6 - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPIOError::test_put_error - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTPIOError::test_read_error - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTPIOError::test_write_error - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTPSmallBlockSize::test_get - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTPSmallBlockSize::test_read - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTPEOFDuringCopy::test_get - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTPNotImplemented::test_symlink_error - async... ERROR tests/test_sftp.py::_TestSFTPFileType::test_filetype - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTPLongname::test_getgrgid_error - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPLongname::test_getpwuid_error - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPLongname::test_glob_hidden - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTPLongname::test_longname - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTPLongname::test_strftime_error - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPLargeListDir::test_large_listdir - asyncss... ERROR tests/test_sftp.py::_TestSFTPStatVFS::test_file_statvfs - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTPStatVFS::test_statvfs - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTPChown::test_chown - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSFTPChown::test_chown_v4 - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTPNonstandardSymlink::test_nonstandard_symlink_client ERROR tests/test_sftp.py::_TestSFTPAsync::test_async_realpath - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_async_realpath_v6 - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPAsync::test_attrib_extension_response_v6 ERROR tests/test_sftp.py::_TestSFTPAsync::test_bad_response_type - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPAsync::test_byte_range_lock_conflict_v6 - ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_byte_range_lock_refused_v6 - a... ERROR tests/test_sftp.py::_TestSFTPAsync::test_byte_range_unlock_mismatch_v6 ERROR tests/test_sftp.py::_TestSFTPAsync::test_cannot_delete_v6 - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPAsync::test_chmod - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSFTPAsync::test_chown - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSFTPAsync::test_chown_v4 - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTPAsync::test_cleanup_open_files - asyncssh.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_close_after_init - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPAsync::test_closed_file - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTPAsync::test_copy - asyncssh.public_key.Key... ERROR tests/test_sftp.py::_TestSFTPAsync::test_copy_directory_no_recurse - as... ERROR tests/test_sftp.py::_TestSFTPAsync::test_copy_directory_no_recurse_v6 ERROR tests/test_sftp.py::_TestSFTPAsync::test_copy_follow_symlinks - asyncss... ERROR tests/test_sftp.py::_TestSFTPAsync::test_copy_invalid_name - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPAsync::test_copy_preserve - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTPAsync::test_copy_preserve_link - asyncssh.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_copy_preserve_link_unsupported ERROR tests/test_sftp.py::_TestSFTPAsync::test_copy_progress - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTPAsync::test_copy_recurse - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTPAsync::test_copy_recurse_existing - asyncs... ERROR tests/test_sftp.py::_TestSFTPAsync::test_copy_recurse_follow_symlinks ERROR tests/test_sftp.py::_TestSFTPAsync::test_delete_pending_v6 - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPAsync::test_empty_extension_response_v5 - ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_exists - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTPAsync::test_exited_session - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_extension_in_init - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_chown - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_chown_v4 - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_corrupt_v6 - asyncssh.pub... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_handle_skip - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_lock - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_lock_v6 - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_seek - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_setstat - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_setstat_v6 - asyncssh.pub... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_stat - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_stat_v4 - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_stat_v6 - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_statvfs - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_sync - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_truncate - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_utime - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSFTPAsync::test_file_utime_v4 - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTPAsync::test_glob - asyncssh.public_key.Key... ERROR tests/test_sftp.py::_TestSFTPAsync::test_glob_error_handler - asyncssh.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_glob_error_v4 - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTPAsync::test_glob_errors - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTPAsync::test_immediate_client_close - async... ERROR tests/test_sftp.py::_TestSFTPAsync::test_incomplete_init_request - asyn... ERROR tests/test_sftp.py::_TestSFTPAsync::test_incomplete_message - asyncssh.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_incomplete_version_response - ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_invalid_access_flags_v6 - asyn... ERROR tests/test_sftp.py::_TestSFTPAsync::test_invalid_handle - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_invalid_handle_v6 - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPAsync::test_invalid_open56 - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_invalid_open_flags_v6 - asyncs... ERROR tests/test_sftp.py::_TestSFTPAsync::test_invalid_open_mode - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPAsync::test_lexists - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_link - asyncssh.public_key.Key... ERROR tests/test_sftp.py::_TestSFTPAsync::test_link_v6 - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_listdir - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_listdir_error_v4 - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPAsync::test_listdir_v4 - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSFTPAsync::test_lock_conflict_v5 - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPAsync::test_log_formatting - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_lsetstat - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTPAsync::test_lsetstat_v4 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTPAsync::test_lsetstat_v6 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTPAsync::test_lstat - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSFTPAsync::test_lstat_v4 - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTPAsync::test_lstat_v6 - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTPAsync::test_lstat_via_stat - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_makedirs_no_parent_perms - asy... ERROR tests/test_sftp.py::_TestSFTPAsync::test_makedirs_no_perms - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPAsync::test_malformed_ok_response - asyncs... ERROR tests/test_sftp.py::_TestSFTPAsync::test_malformed_open_request - async... ERROR tests/test_sftp.py::_TestSFTPAsync::test_malformed_readlink_response - ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_malformed_realpath_response - ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_missing_request_pktid - asyncs... ERROR tests/test_sftp.py::_TestSFTPAsync::test_mkdir - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSFTPAsync::test_multiple_copy - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTPAsync::test_multiple_copy_bytes_path - asy... ERROR tests/test_sftp.py::_TestSFTPAsync::test_multiple_copy_error_handler - ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_multiple_copy_glob - asyncssh.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_multiple_copy_pathlib_path - a... ERROR tests/test_sftp.py::_TestSFTPAsync::test_multiple_copy_target_not_dir ERROR tests/test_sftp.py::_TestSFTPAsync::test_multiple_copy_target_not_dir_v6 ERROR tests/test_sftp.py::_TestSFTPAsync::test_multiple_copy_v4 - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPAsync::test_multiple_copy_v5 - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPAsync::test_multiple_copy_v6 - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPAsync::test_no_init - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_no_media_v4 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTPAsync::test_no_space_v5 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTPAsync::test_non_version_response - asyncss... ERROR tests/test_sftp.py::_TestSFTPAsync::test_nonstandard_symlink_client - a... ERROR tests/test_sftp.py::_TestSFTPAsync::test_nonstandard_version - asyncssh... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open56_append_v6 - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open56_exclusive_create_existing_v6 ERROR tests/test_sftp.py::_TestSFTPAsync::test_open56_exclusive_create_v6 - a... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open56_overwrite_offset_size_v6 ERROR tests/test_sftp.py::_TestSFTPAsync::test_open56_overwrite_v6 - asyncssh... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open56_truncate_v6 - asyncssh.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open56_write_v6 - asyncssh.pub... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_append - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_append_v6 - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_exclusive_create - asyncs... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_exclusive_create_existing ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_exclusive_create_existing_v4 ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_exclusive_create_v6 - asy... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_file_dir_v6 - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_link_loop_v6 - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_overwrite - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_overwrite_nonexistent - a... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_overwrite_offset_size - a... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_overwrite_offset_size_v6 ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_read - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_read_bytes - asyncssh.pub... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_read_no_blocksize - async... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_read_nonexistent - asyncs... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_read_not_permitted - asyn... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_read_offset_size - asyncs... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_read_out_of_order - async... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_read_parallel - asyncssh.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_truncate - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_truncate_v6 - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_write - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_write_bytes - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPAsync::test_open_write_v6 - asyncssh.publi... ERROR tests/test_sftp.py::_TestSFTPAsync::test_posix_rename - asyncssh.public... ERROR tests/test_sftp.py::_TestSFTPAsync::test_posix_rename_v6 - asyncssh.pub... ERROR tests/test_sftp.py::_TestSFTPAsync::test_quota_exceeded_v5 - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPAsync::test_readlink - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTPAsync::test_readlink_decode_error - asyncs... ERROR tests/test_sftp.py::_TestSFTPAsync::test_readlink_v6 - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTPAsync::test_remove - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTPAsync::test_rename - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTPAsync::test_rename_v6 - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSFTPAsync::test_rmdir - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSFTPAsync::test_rmdir_not_empty_v6 - asyncssh.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_rmtree - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTPAsync::test_rmtree_file - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTPAsync::test_rmtree_ignore_errors - asyncss... ERROR tests/test_sftp.py::_TestSFTPAsync::test_rmtree_non_existent - asyncssh... ERROR tests/test_sftp.py::_TestSFTPAsync::test_rmtree_onerror - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_rmtree_rmdir_failure - asyncss... ERROR tests/test_sftp.py::_TestSFTPAsync::test_rmtree_symlink - asyncssh.publ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_rmtree_symlink_onerror - async... ERROR tests/test_sftp.py::_TestSFTPAsync::test_rmtree_unlink_failure - asyncs... ERROR tests/test_sftp.py::_TestSFTPAsync::test_setstat - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_setstat_invalid_owner_group_v6 ERROR tests/test_sftp.py::_TestSFTPAsync::test_setstat_v4 - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSFTPAsync::test_short_ok_response - asyncssh.p... ERROR tests/test_sftp.py::_TestSFTPAsync::test_stat - asyncssh.public_key.Key... ERROR tests/test_sftp.py::_TestSFTPAsync::test_statvfs - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_symlink - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSFTPAsync::test_symlink_encode_error - asyncss... ERROR tests/test_sftp.py::_TestSFTPAsync::test_symlink_v4 - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSFTPAsync::test_symlink_v6 - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSFTPAsync::test_truncate - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTPAsync::test_unexpected_client_close - asyn... ERROR tests/test_sftp.py::_TestSFTPAsync::test_unexpected_ok_response - async... ERROR tests/test_sftp.py::_TestSFTPAsync::test_unexpected_server_close - asyn... ERROR tests/test_sftp.py::_TestSFTPAsync::test_unknown_extension_response - a... ERROR tests/test_sftp.py::_TestSFTPAsync::test_unknown_principal_v5 - asyncss... ERROR tests/test_sftp.py::_TestSFTPAsync::test_unknown_request - asyncssh.pub... ERROR tests/test_sftp.py::_TestSFTPAsync::test_unlink - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSFTPAsync::test_unrecognized_response_pktid - ... ERROR tests/test_sftp.py::_TestSFTPAsync::test_unsupported_extensions - async... ERROR tests/test_sftp.py::_TestSFTPAsync::test_unsupported_extensions_v6 - as... ERROR tests/test_sftp.py::_TestSFTPAsync::test_unsupported_version_response ERROR tests/test_sftp.py::_TestSFTPAsync::test_utime - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSFTPAsync::test_utime_v4 - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSFTPAsync::test_write_close - asyncssh.public_... ERROR tests/test_sftp.py::_TestSFTPAsync::test_write_protect_v4 - asyncssh.pu... ERROR tests/test_sftp.py::_TestSFTPAsync::test_zero_limits - asyncssh.public_... ERROR tests/test_sftp.py::_TestSCP::test_copy - asyncssh.public_key.KeyExport... ERROR tests/test_sftp.py::_TestSCP::test_copy_cancel - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSCP::test_copy_error_handler_sink - asyncssh.p... ERROR tests/test_sftp.py::_TestSCP::test_copy_error_handler_source - asyncssh... ERROR tests/test_sftp.py::_TestSCP::test_copy_multiple - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSCP::test_copy_preserve - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSCP::test_copy_progress - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSCP::test_copy_recurse - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSCP::test_copy_recurse_existing - asyncssh.pub... ERROR tests/test_sftp.py::_TestSCP::test_copy_recurse_not_directory - asyncss... ERROR tests/test_sftp.py::_TestSCP::test_destination_open_connection - asyncs... ERROR tests/test_sftp.py::_TestSCP::test_get - asyncssh.public_key.KeyExportE... ERROR tests/test_sftp.py::_TestSCP::test_get_cancel - asyncssh.public_key.Key... ERROR tests/test_sftp.py::_TestSCP::test_get_directory_as_file - asyncssh.pub... ERROR tests/test_sftp.py::_TestSCP::test_get_error_handler - asyncssh.public_... ERROR tests/test_sftp.py::_TestSCP::test_get_non_directory_in_path - asyncssh... ERROR tests/test_sftp.py::_TestSCP::test_get_not_permitted - asyncssh.public_... ERROR tests/test_sftp.py::_TestSCP::test_get_preserve - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSCP::test_get_progress - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSCP::test_get_recurse - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSCP::test_get_recurse_existing - asyncssh.publ... ERROR tests/test_sftp.py::_TestSCP::test_get_recurse_not_directory - asyncssh... ERROR tests/test_sftp.py::_TestSCP::test_invalid_argument - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSCP::test_invalid_c_argument - asyncssh.public... ERROR tests/test_sftp.py::_TestSCP::test_invalid_t_argument - asyncssh.public... ERROR tests/test_sftp.py::_TestSCP::test_local_copy - asyncssh.public_key.Key... ERROR tests/test_sftp.py::_TestSCP::test_missing_direction - asyncssh.public_... ERROR tests/test_sftp.py::_TestSCP::test_missing_path - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSCP::test_put - asyncssh.public_key.KeyExportE... ERROR tests/test_sftp.py::_TestSCP::test_put_cancel - asyncssh.public_key.Key... ERROR tests/test_sftp.py::_TestSCP::test_put_must_be_dir - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSCP::test_put_name_too_long - asyncssh.public_... ERROR tests/test_sftp.py::_TestSCP::test_put_non_directory_in_path - asyncssh... ERROR tests/test_sftp.py::_TestSCP::test_put_preserve - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSCP::test_put_progress - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSCP::test_put_read_early_eof - asyncssh.public... ERROR tests/test_sftp.py::_TestSCP::test_put_read_error - asyncssh.public_key... ERROR tests/test_sftp.py::_TestSCP::test_put_recurse - asyncssh.public_key.Ke... ERROR tests/test_sftp.py::_TestSCP::test_put_recurse_existing - asyncssh.publ... ERROR tests/test_sftp.py::_TestSCP::test_put_recurse_not_directory - asyncssh... ERROR tests/test_sftp.py::_TestSCP::test_source_bytes - asyncssh.public_key.K... ERROR tests/test_sftp.py::_TestSCP::test_source_open_connection - asyncssh.pu... ERROR tests/test_sftp.py::_TestSCP::test_source_string - asyncssh.public_key.... ERROR tests/test_sftp.py::_TestSCPAsync::test_copy - asyncssh.public_key.KeyE... ERROR tests/test_sftp.py::_TestSCPAsync::test_copy_cancel - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSCPAsync::test_copy_error_handler_sink - async... ERROR tests/test_sftp.py::_TestSCPAsync::test_copy_error_handler_source - asy... ERROR tests/test_sftp.py::_TestSCPAsync::test_copy_multiple - asyncssh.public... ERROR tests/test_sftp.py::_TestSCPAsync::test_copy_preserve - asyncssh.public... ERROR tests/test_sftp.py::_TestSCPAsync::test_copy_progress - asyncssh.public... ERROR tests/test_sftp.py::_TestSCPAsync::test_copy_recurse - asyncssh.public_... ERROR tests/test_sftp.py::_TestSCPAsync::test_copy_recurse_existing - asyncss... ERROR tests/test_sftp.py::_TestSCPAsync::test_copy_recurse_not_directory - as... ERROR tests/test_sftp.py::_TestSCPAsync::test_destination_open_connection - a... ERROR tests/test_sftp.py::_TestSCPAsync::test_get - asyncssh.public_key.KeyEx... ERROR tests/test_sftp.py::_TestSCPAsync::test_get_cancel - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSCPAsync::test_get_directory_as_file - asyncss... ERROR tests/test_sftp.py::_TestSCPAsync::test_get_error_handler - asyncssh.pu... ERROR tests/test_sftp.py::_TestSCPAsync::test_get_non_directory_in_path - asy... ERROR tests/test_sftp.py::_TestSCPAsync::test_get_not_permitted - asyncssh.pu... ERROR tests/test_sftp.py::_TestSCPAsync::test_get_preserve - asyncssh.public_... ERROR tests/test_sftp.py::_TestSCPAsync::test_get_progress - asyncssh.public_... ERROR tests/test_sftp.py::_TestSCPAsync::test_get_recurse - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSCPAsync::test_get_recurse_existing - asyncssh... ERROR tests/test_sftp.py::_TestSCPAsync::test_get_recurse_not_directory - asy... ERROR tests/test_sftp.py::_TestSCPAsync::test_invalid_argument - asyncssh.pub... ERROR tests/test_sftp.py::_TestSCPAsync::test_invalid_c_argument - asyncssh.p... ERROR tests/test_sftp.py::_TestSCPAsync::test_invalid_t_argument - asyncssh.p... ERROR tests/test_sftp.py::_TestSCPAsync::test_local_copy - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSCPAsync::test_missing_direction - asyncssh.pu... ERROR tests/test_sftp.py::_TestSCPAsync::test_missing_path - asyncssh.public_... ERROR tests/test_sftp.py::_TestSCPAsync::test_put - asyncssh.public_key.KeyEx... ERROR tests/test_sftp.py::_TestSCPAsync::test_put_cancel - asyncssh.public_ke... ERROR tests/test_sftp.py::_TestSCPAsync::test_put_must_be_dir - asyncssh.publ... ERROR tests/test_sftp.py::_TestSCPAsync::test_put_name_too_long - asyncssh.pu... ERROR tests/test_sftp.py::_TestSCPAsync::test_put_non_directory_in_path - asy... ERROR tests/test_sftp.py::_TestSCPAsync::test_put_preserve - asyncssh.public_... ERROR tests/test_sftp.py::_TestSCPAsync::test_put_progress - asyncssh.public_... ERROR tests/test_sftp.py::_TestSCPAsync::test_put_read_early_eof - asyncssh.p... ERROR tests/test_sftp.py::_TestSCPAsync::test_put_read_error - asyncssh.publi... ERROR tests/test_sftp.py::_TestSCPAsync::test_put_recurse - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSCPAsync::test_put_recurse_existing - asyncssh... ERROR tests/test_sftp.py::_TestSCPAsync::test_put_recurse_not_directory - asy... ERROR tests/test_sftp.py::_TestSCPAsync::test_source_bytes - asyncssh.public_... ERROR tests/test_sftp.py::_TestSCPAsync::test_source_open_connection - asyncs... ERROR tests/test_sftp.py::_TestSCPAsync::test_source_string - asyncssh.public... ERROR tests/test_sftp.py::_TestSCPAttrs::test_get - asyncssh.public_key.KeyEx... ERROR tests/test_sftp.py::_TestSCPAttrs::test_put_not_permitted - asyncssh.pu... ERROR tests/test_sftp.py::_TestSCPAttrs::test_put_recurse_not_directory - asy... ERROR tests/test_sftp.py::_TestSCPIOError::test_copy_error - asyncssh.public_... ERROR tests/test_sftp.py::_TestSCPIOError::test_put_error - asyncssh.public_k... ERROR tests/test_sftp.py::_TestSCPErrors::test_copy_connection_lost_sink - as... ERROR tests/test_sftp.py::_TestSCPErrors::test_copy_connection_lost_source - ... ERROR tests/test_sftp.py::_TestSCPErrors::test_copy_early_eof - asyncssh.publ... ERROR tests/test_sftp.py::_TestSCPErrors::test_copy_extra_e - asyncssh.public... ERROR tests/test_sftp.py::_TestSCPErrors::test_copy_unknown_action - asyncssh... ERROR tests/test_sftp.py::_TestSCPErrors::test_get_directory_without_recurse ERROR tests/test_sftp.py::_TestSCPErrors::test_get_early_eof - asyncssh.publi... ERROR tests/test_sftp.py::_TestSCPErrors::test_get_t_without_preserve - async... ERROR tests/test_sftp.py::_TestSCPErrors::test_get_unknown_action - asyncssh.... ERROR tests/test_sftp.py::_TestSCPErrors::test_put_connection_lost - asyncssh... ERROR tests/test_sftp.py::_TestSCPErrors::test_put_startup_error - asyncssh.p... ERROR tests/test_sftp.py::_TestSCPErrors::test_unknown - asyncssh.public_key.... ERROR tests/test_sk.py::_TestSKAuthKeyNotFound::test_enroll_key_not_found - a... ERROR tests/test_sk.py::_TestSKAuthCTAP1::test_auth - asyncssh.public_key.Key... ERROR tests/test_sk.py::_TestSKAuthCTAP1::test_auth_ctap1_error - asyncssh.pu... ERROR tests/test_sk.py::_TestSKAuthCTAP1::test_enroll_ctap1_error - asyncssh.... ERROR tests/test_sk.py::_TestSKAuthCTAP1::test_sk_unsupported_alg - asyncssh.... ERROR tests/test_sk.py::_TestSKAuthCTAP2::test_auth - asyncssh.public_key.Key... ERROR tests/test_sk.py::_TestSKAuthCTAP2::test_auth_ctap2_error - asyncssh.pu... ERROR tests/test_sk.py::_TestSKAuthCTAP2::test_enroll_ctap2_error - asyncssh.... ERROR tests/test_sk.py::_TestSKAuthCTAP2::test_enroll_pin_invalid - asyncssh.... ERROR tests/test_sk.py::_TestSKAuthCTAP2::test_enroll_pin_required - asyncssh... ERROR tests/test_sk.py::_TestSKAuthCTAP2::test_enroll_with_pin - asyncssh.pub... ERROR tests/test_sk.py::_TestSKAuthCTAP2::test_enroll_without_pin - asyncssh.... ERROR tests/test_sk.py::_TestSKAuthMultipleKeys::test_auth_cred_not_found - a... ERROR tests/test_sk.py::_TestSKAuthResidentKeys::test_koad_resident_user_match ERROR tests/test_sk.py::_TestSKAuthResidentKeys::test_load_resident - asyncss... ERROR tests/test_sk.py::_TestSKAuthResidentKeys::test_load_resident_ctap2_error ERROR tests/test_sk.py::_TestSKAuthResidentKeys::test_load_resident_no_match ERROR tests/test_sk.py::_TestSKAuthResidentKeys::test_load_resident_pin_invalid ERROR tests/test_sk.py::_TestSKAuthResidentKeys::test_load_resident_user_match ERROR tests/test_sk.py::_TestSKAuthResidentKeys::test_no_resident_keys - asyn... ERROR tests/test_sk.py::_TestSKAuthResidentKeys::test_pin_not_set - asyncssh.... ERROR tests/test_sk.py::_TestSKAuthTouchNotRequired::test_auth_without_touch ERROR tests/test_sk.py::_TestSKAuthTouchRequiredECDSA::test_auth_touch_required ERROR tests/test_sk.py::_TestSKCertAuthTouchNotRequired::test_cert_auth_cert_touch_not_required ERROR tests/test_sk.py::_TestSKCertAuthTouchNotRequired::test_cert_auth_cert_touch_required ERROR tests/test_sk.py::_TestSKCertAuthTouchRequired::test_cert_auth_cert_touch_required ERROR tests/test_sk.py::_TestSKCertAuthTouchRequired::test_cert_auth_touch_required ERROR tests/test_sk.py::_TestSKHostAuth::test_sk_host_auth - asyncssh.public_... ERROR tests/test_sk.py::_TestSKHostCertAuth::test_sk_host_auth - asyncssh.pub... ERROR tests/test_stream.py::_TestStream::test_abort - asyncssh.public_key.Key... ERROR tests/test_stream.py::_TestStream::test_abort_closed - asyncssh.public_... ERROR tests/test_stream.py::_TestStream::test_async_iterator - asyncssh.publi... ERROR tests/test_stream.py::_TestStream::test_custom_disconnect - asyncssh.pu... ERROR tests/test_stream.py::_TestStream::test_feed - asyncssh.public_key.KeyE... ERROR tests/test_stream.py::_TestStream::test_get_extra_info - asyncssh.publi... ERROR tests/test_stream.py::_TestStream::test_large_block - asyncssh.public_k... ERROR tests/test_stream.py::_TestStream::test_pause_read - asyncssh.public_ke... ERROR tests/test_stream.py::_TestStream::test_read_exception - asyncssh.publi... ERROR tests/test_stream.py::_TestStream::test_readexactly_partial_exception ERROR tests/test_stream.py::_TestStream::test_readline_exception - asyncssh.p... ERROR tests/test_stream.py::_TestStream::test_readline_timeout - asyncssh.pub... ERROR tests/test_stream.py::_TestStream::test_readuntil - asyncssh.public_key... ERROR tests/test_stream.py::_TestStream::test_readuntil_bigger_than_window - ... ERROR tests/test_stream.py::_TestStream::test_readuntil_empty_separator - asy... ERROR tests/test_stream.py::_TestStream::test_readuntil_regex - asyncssh.publ... ERROR tests/test_stream.py::_TestStream::test_readuntil_separator_list - asyn... ERROR tests/test_stream.py::_TestStream::test_shell - asyncssh.public_key.Key... ERROR tests/test_stream.py::_TestStream::test_shell_failure - asyncssh.public... ERROR tests/test_stream.py::_TestStream::test_shell_non_async - asyncssh.publ... ERROR tests/test_stream.py::_TestStream::test_unknown_action - asyncssh.publi... ERROR tests/test_stream.py::_TestStream::test_write_broken_pipe - asyncssh.pu... ERROR tests/test_stream.py::_TestStream::test_write_disconnect - asyncssh.pub... ERROR tests/test_subprocess.py::_TestSubprocess::test_close - asyncssh.public... ERROR tests/test_subprocess.py::_TestSubprocess::test_encoding - asyncssh.pub... ERROR tests/test_subprocess.py::_TestSubprocess::test_exec - asyncssh.public_... ERROR tests/test_subprocess.py::_TestSubprocess::test_exit_status - asyncssh.... ERROR tests/test_subprocess.py::_TestSubprocess::test_input - asyncssh.public... ERROR tests/test_subprocess.py::_TestSubprocess::test_misc - asyncssh.public_... ERROR tests/test_subprocess.py::_TestSubprocess::test_read_pause - asyncssh.p... ERROR tests/test_subprocess.py::_TestSubprocess::test_redirect_stderr - async... ERROR tests/test_subprocess.py::_TestSubprocess::test_shell - asyncssh.public... ERROR tests/test_subprocess.py::_TestSubprocess::test_signal - asyncssh.publi... ERROR tests/test_subprocess.py::_TestSubprocess::test_stdin_abort - asyncssh.... ERROR tests/test_subprocess.py::_TestSubprocess::test_stdin_close - asyncssh.... ERROR tests/test_tuntap.py::_TestTunTap::test_darwin_failover_to_utun - async... ERROR tests/test_tuntap.py::_TestTunTap::test_darwin_forward_tap - asyncssh.p... ERROR tests/test_tuntap.py::_TestTunTap::test_darwin_forward_tun - asyncssh.p... ERROR tests/test_tuntap.py::_TestTunTap::test_darwin_forward_utun - asyncssh.... ERROR tests/test_tuntap.py::_TestTunTap::test_darwin_open_tap - asyncssh.publ... ERROR tests/test_tuntap.py::_TestTunTap::test_darwin_open_tap_error - asyncss... ERROR tests/test_tuntap.py::_TestTunTap::test_darwin_open_tap_unavailable - a... ERROR tests/test_tuntap.py::_TestTunTap::test_darwin_open_tun - asyncssh.publ... ERROR tests/test_tuntap.py::_TestTunTap::test_darwin_open_tun_error - asyncss... ERROR tests/test_tuntap.py::_TestTunTap::test_darwin_open_tun_specific_unit ERROR tests/test_tuntap.py::_TestTunTap::test_darwin_open_utun - asyncssh.pub... ERROR tests/test_tuntap.py::_TestTunTap::test_darwin_utun_all_in_use - asyncs... ERROR tests/test_tuntap.py::_TestTunTap::test_darwin_utun_in_use - asyncssh.p... ERROR tests/test_tuntap.py::_TestTunTap::test_invalid_tun_mode - asyncssh.pub... ERROR tests/test_tuntap.py::_TestTunTap::test_linux_all_in_use - asyncssh.pub... ERROR tests/test_tuntap.py::_TestTunTap::test_linux_forward_tap - asyncssh.pu... ERROR tests/test_tuntap.py::_TestTunTap::test_linux_forward_tun - asyncssh.pu... ERROR tests/test_tuntap.py::_TestTunTap::test_linux_open_tap - asyncssh.publi... ERROR tests/test_tuntap.py::_TestTunTap::test_linux_open_tun - asyncssh.publi... ERROR tests/test_tuntap.py::_TestTunTap::test_linux_open_tun_error - asyncssh... ERROR tests/test_tuntap.py::_TestTunTap::test_linux_open_tun_specific_unit - ... ERROR tests/test_tuntap.py::_TestTunTap::test_open_tun_denied - asyncssh.publ... ERROR tests/test_tuntap.py::_TestTunTap::test_open_tun_echo_handler - asyncss... ERROR tests/test_tuntap.py::_TestTunTap::test_open_tun_echo_session - asyncss... ERROR tests/test_tuntap.py::_TestTunTap::test_open_tun_echo_session_channel ERROR tests/test_tuntap.py::_TestTunTap::test_tun_forward_error - asyncssh.pu... ERROR tests/test_tuntap.py::_TestTunTap::test_unknown_platform - asyncssh.pub... ERROR tests/test_x11.py::_TestX11::test_attach_failure - asyncssh.public_key.... ERROR tests/test_x11.py::_TestX11::test_attach_lock_failure - asyncssh.public... ERROR tests/test_x11.py::_TestX11::test_bad_auth_big - asyncssh.public_key.Ke... ERROR tests/test_x11.py::_TestX11::test_bad_auth_little - asyncssh.public_key... ERROR tests/test_x11.py::_TestX11::test_connection_refused_big - asyncssh.pub... ERROR tests/test_x11.py::_TestX11::test_connection_refused_little - asyncssh.... ERROR tests/test_x11.py::_TestX11::test_consecutive_different_servers - async... ERROR tests/test_x11.py::_TestX11::test_display_environment - asyncssh.public... ERROR tests/test_x11.py::_TestX11::test_display_not_set - asyncssh.public_key... ERROR tests/test_x11.py::_TestX11::test_domain_socket - asyncssh.public_key.K... ERROR tests/test_x11.py::_TestX11::test_forward_big - asyncssh.public_key.Key... ERROR tests/test_x11.py::_TestX11::test_forward_little - asyncssh.public_key.... ERROR tests/test_x11.py::_TestX11::test_forwarding_denied - asyncssh.public_k... ERROR tests/test_x11.py::_TestX11::test_forwarding_disabled - asyncssh.public... ERROR tests/test_x11.py::_TestX11::test_forwarding_ignore_failure - asyncssh.... ERROR tests/test_x11.py::_TestX11::test_forwarding_not_allowed - asyncssh.pub... ERROR tests/test_x11.py::_TestX11::test_from_connect - asyncssh.public_key.Ke... ERROR tests/test_x11.py::_TestX11::test_invalid_display - asyncssh.public_key... ERROR tests/test_x11.py::_TestX11::test_invalid_x11_forwarding_request - asyn... ERROR tests/test_x11.py::_TestX11::test_ipv4_address - asyncssh.public_key.Ke... ERROR tests/test_x11.py::_TestX11::test_ipv6_address - asyncssh.public_key.Ke... ERROR tests/test_x11.py::_TestX11::test_local_server - asyncssh.public_key.Ke... ERROR tests/test_x11.py::_TestX11::test_multiple_sessions - asyncssh.public_k... ERROR tests/test_x11.py::_TestX11::test_no_xauth_match - asyncssh.public_key.... ERROR tests/test_x11.py::_TestX11::test_open_failure - asyncssh.public_key.Ke... ERROR tests/test_x11.py::_TestX11::test_open_invalid_unicode - asyncssh.publi... ERROR tests/test_x11.py::_TestX11::test_selective_forwarding - asyncssh.publi... ERROR tests/test_x11.py::_TestX11::test_simultaneous_different_servers - asyn... ERROR tests/test_x11.py::_TestX11::test_simultaneous_sessions - asyncssh.publ... ERROR tests/test_x11.py::_TestX11::test_unknown_action - asyncssh.public_key.... ERROR tests/test_x11.py::_TestX11::test_wildcard_address - asyncssh.public_ke... ERROR tests/test_x11.py::_TestX11::test_xauth_corrupted - asyncssh.public_key... ERROR tests/test_x11.py::_TestX11::test_xauth_dead_lock - asyncssh.public_key... ERROR tests/test_x11.py::_TestX11::test_xauth_empty - asyncssh.public_key.Key... ERROR tests/test_x11.py::_TestX11::test_xauth_environment - asyncssh.public_k... ERROR tests/test_x11.py::_TestX11::test_xauth_lookup - asyncssh.public_key.Ke... ERROR tests/test_x11.py::_TestX11::test_xauth_missing - asyncssh.public_key.K... ERROR tests/test_x11.py::_TestX11::test_xauth_update - asyncssh.public_key.Ke... =========== 179 passed, 9 skipped, 1436 errors in 259.07s (0:04:19) ============ E: pybuild pybuild:389: test: plugin pyproject failed with: exit code=1: cd /<>/.pybuild/cpython3_3.13_asyncssh/build; python3.13 -m pytest tests I: pybuild base:311: cd /<>/.pybuild/cpython3_3.12_asyncssh/build; python3.12 -m pytest tests ============================= test session starts ============================== platform linux -- Python 3.12.7, pytest-8.3.3, pluggy-1.5.0 rootdir: /<> configfile: tox.ini plugins: typeguard-4.4.1 collected 1624 items tests/test_agent.py ................... [ 1%] tests/test_asn1.py . [ 1%] tests/test_auth.py ........ [ 1%] tests/test_auth_keys.py ...s..... [ 2%] tests/test_channel.py .................................................. [ 5%] .................................................................. [ 9%] tests/test_compression.py . [ 9%] tests/test_config.py ................................................... [ 12%] ......... [ 13%] tests/test_connection.py ..................s..................ss........ [ 16%] ........................................................................ [ 20%] ................................s....................................... [ 24%] ............. [ 25%] tests/test_connection_auth.py ..............................s........... [ 28%] .....................s.................................................. [ 32%] ........................................................................ [ 37%] ............................................... [ 40%] tests/test_editor.py .................... [ 41%] tests/test_encryption.py .. [ 41%] tests/test_forward.py .................................................. [ 44%] ........................................................................ [ 48%] .................. [ 50%] tests/test_kex.py ..........s [ 50%] tests/test_known_hosts.py ................ [ 51%] tests/test_logging.py ......... [ 52%] tests/test_mac.py .. [ 52%] tests/test_packet.py .. [ 52%] tests/test_pkcs11.py ............ [ 53%] tests/test_process.py .................................................. [ 56%] ................sssssss............. [ 58%] tests/test_public_key.py ................ [ 59%] tests/test_saslprep.py ....... [ 59%] tests/test_sftp.py ..................................................... [ 63%] ........................................................................ [ 67%] ........................................................................ [ 72%] ........................................................................ [ 76%] ........................................................................ [ 80%] ........................................................................ [ 85%] ........................................................................ [ 89%] ........... [ 90%] tests/test_sk.py ............................. [ 92%] tests/test_stream.py ....................... [ 93%] tests/test_subprocess.py ............ [ 94%] tests/test_tuntap.py sssssssssssss.............. [ 96%] tests/test_x11.py ...................................... [ 98%] tests/test_x509.py ......................... [100%] ================= 1596 passed, 28 skipped in 306.92s (0:05:06) ================= dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p "3.13 3.12" returned exit code 13 make[1]: *** [debian/rules:16: override_dh_auto_test] Error 25 make[1]: Leaving directory '/<>' make: *** [debian/rules:8: binary] Error 2 dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2 -------------------------------------------------------------------------------- Build finished at 2024-11-18T01:01:22Z Finished -------- +------------------------------------------------------------------------------+ | Cleanup | +------------------------------------------------------------------------------+ Purging /<> Not cleaning session: cloned chroot in use E: Build failure (dpkg-buildpackage died) +------------------------------------------------------------------------------+ | Summary | +------------------------------------------------------------------------------+ Build Architecture: arm64 Build Type: binary Build-Space: 19480 Build-Time: 574 Distribution: sid Fail-Stage: build Host Architecture: arm64 Install-Time: 57 Job: /tmp/debusine-fetch-exec-upload-vdqqxp_1/python-asyncssh_2.18.0-1.dsc Machine Architecture: arm64 Package: python-asyncssh Package-Time: 667 Source-Version: 2.18.0-1 Space: 19480 Status: attempted Version: 2.18.0-1 -------------------------------------------------------------------------------- Finished at 2024-11-18T01:01:22Z Build needed 00:11:07, 19480k disk space